Blog March 13, 2013

The Difference Between HIPAA Compliant and HIPAA Compliance

So what do you do when you want to be HIPAA compliant? Simply outsource compliance to a managed hosting provider? Not quite. There is much more to outsourcing a HIPAA environment than most understand.

Common Misconceptions

There are many misconceptions surrounding Managed Hosting and HIPAA compliance. Perhaps the biggest misconception is that you can become HIPAA compliant solely through outsourcing a HIPAA Compliant Hosting Solution. Despite the claims of many vendors, you cannot achieve compliance through a managed hosting service alone. There is much more to HIPAA compliance beyond securing electronic data within the Data Center. This is just one piece of the puzzle and makes up only a small part of the overall HIPAA audit. Managed Hosting Companies are not covered entities, and cannot achieve compliance in and of themselves. Managed hosting companies can, however, significantly support your efforts to achieve HIPAA compliance. They do so because the very nature of their business is to secure their customers’ data using high-security standards and best practices for storing data. Additionally, a few hosting companies can provide HIPAA-specific measures and solutions to better assist in protecting electronic data.

Hosting Responsibilities

A simple way to look at where the responsibility lies: a hosting provider is responsible for how data is securely transmitted and stored within the systems they have control over. The covered entity (your business) has responsibility for enforcing how data is uploaded and retrieved, as well as who has access to that data and how they use it. HIPAA Compliance IT services hosting companies can provide:

  • Data encryption for both Data In Transit and Data at Rest
  • An SSL certificate for users accessing the website
  • Managed Firewall Protection & VPN Access
  • Advanced 24/7/365 Data Center Infrastructure, Security Services  & Access Controls
  • Two-Factor Authentication Support
  • Restricting users from saving data to external drives (like DropBox or Google Drive)
  • Restricting the printing of documents
  • Vulnerability assessments based on environment design

Your Organization’s Responsibilities

HIPAA Services hosting companies cannot provide:

  • Physical security of your building
  • Password protection by each of your employees (for example, not taping a password to the bottom of a keyboard)
  • Enforcement of an organization’s acceptable use policies
  • Restricting access of sensitive documents to specific users (without your direction)
  • Properly removing users from internal systems after termination

Contact Connectria today. If you have any additional questions on HIPAA Compliant Hosting, please add a comment below and we will answer them in an upcoming post. We hear these sorts of questions from our customers and prospects on a daily basis and will continue to develop more content that will help shed some more light on the topic.
