Certain industries require a higher level of data security than most. Intelligence gathering, finance and health care all handle data that must be protected beyond ordinary commercial standards. In health care, patient records have been digitized over the past decade, and those records have to be secured wherever they are stored or transmitted. As a result, any hosting provider that stores or processes patient data falls under HIPAA, and "HIPAA Compliant Hosting" became a requirement for medical practices choosing a host.
What is HIPAA Compliant Hosting?
First enacted in 1996 under President Bill Clinton, HIPAA (the Health Insurance Portability and Accountability Act) was designed to protect workers' health insurance coverage and, later, the privacy and security of their health information. The act contains five titles. Title I covers health insurance portability for workers who change or lose jobs; for the purposes of HIPAA shared hosting and HIPAA compliant hosting requirements, the relevant part is HIPAA Title II, under which the Privacy Rule and Security Rule were issued. Title II is summarized as follows:
“Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.” – Wikipedia
Because HIPAA Title II sets the national standards for electronic health care transactions and for safeguarding electronic protected health information (ePHI), any web hosting firm that stores or transmits ePHI on behalf of a health care company has to comply with the HIPAA Security Rule requirements described below, and must do so as a business associate of that company.
The HIPAA Compliant Web Hosting requirements are:
– Encryption in Transit: HIPAA compliant hosting requirements mean ePHI transported from one system or company to another is encrypted end to end, for example over TLS. Note that the Security Rule classifies encryption as an "addressable" specification rather than a strictly "required" one, but in practice a host that leaves ePHI unencrypted on the wire will not be accepted as HIPAA compliant web hosting, and must document a justification for any exception.
– Data Backup: The Security Rule requires a data backup plan and a disaster recovery plan. For HIPAA shared hosting this means retrievable, exact copies of all ePHI must be created regularly, stored separately from the primary system, and tested so they can actually be restored. Retention periods are set by the HIPAA documentation rules (six years for required policies, records and logs) and by state medical record retention law, not by a court; backups must be kept for as long as those obligations require.
– Server Access Authorization: Title II of HIPAA requires that ePHI be accessible only by authorized persons, each with a unique user identification, with access controlled by documented procedures and recorded in audit logs that are reviewed regularly. Shared or generic accounts on a HIPAA compliant server are not acceptable.
– Data Integrity: HIPAA compliant hosting services must protect ePHI from improper alteration or destruction and must be able to detect when it has been altered. This does not mean the data can never change (records are legitimately updated), but every change must be authorized, attributable to a user, and detectable, for example through checksums, hashes or audit trails.
– Data Storage Regulations: All stored data, just like all backed-up data, must be protected at rest. For HIPAA compliant servers this means ePHI is encrypted when stored on disk and remains encrypted when archived, with the encryption keys managed separately from the data.
– Data Disposal: Data stored with HIPAA compliant hosting solutions must remain available and searchable for as long as the retention obligations above apply. When it is finally disposed of, the Security Rule requires that the ePHI and the media it lives on be rendered unrecoverable, for example by secure wiping, physical destruction, or destroying the encryption keys (cryptographic erasure). Simply deleting files or returning a disk to a shared pool is not compliant disposal.
– Business Associate Agreement (HITECH/Omnibus): The last mandate for HIPAA compliant servers comes from the HITECH Act (2009) and the HIPAA Omnibus Rule (2013), which make a hosting company that stores or processes ePHI a "business associate" directly liable under HIPAA. Such a host must sign a Business Associate Agreement (BAA) with your practice that spells out its safeguards and breach-notification duties. If a hosting company will not sign a BAA, it cannot be considered HIPAA compliant web hosting, regardless of its technical controls.
A Quick Look at HIPAA Compliant Hosting Companies
Like any purchasable service, there is more than one hosting company that offers HIPAA shared hosting and HIPAA compliant servers. To quickly name a few, Rackspace, GoDaddy, Liquid Web, Amazon and Microsoft all market HIPAA compliant web hosting solutions and will sign a BAA for the relevant services. As you would imagine, the resource capabilities, the compute resources, the level of tech support and the pricing structure for these HIPAA compliant hosting solutions vary widely. Keep in mind that there is no official "HIPAA certification" for a host: compliance is shared, so the provider secures the infrastructure covered by the BAA, while your practice remains responsible for how the application is configured, who is given access, and how ePHI is handled on top of it. It is up to you, as a customer, to determine which hosting solution is best for your medical practice.