These days, multiple industries require HIPAA-compliant hosting and while the mass majority of the general public, and most industry leaders, have heard the term, the fact remains that all too few are fully aware of what HIPAA is, what HIPAA means, and what organizations are required to comply.
As such, we wanted to take a few minutes today to define HIPAA as well as compliant hosting and what both mean for you. Whether you’re a covered organization, a cloud service provider (CSP), managed service provider (MSP), or just someone that wishes to know more, continue reading for a better understanding of this important regulation.
What is HIPAA?
HIPAA is the official acronym for the Health Insurance Portability and Accountability Act that was passed in 1996 by Congress. It requires healthcare providers and organizations, as well as all business associates, to develop procedures that ensure the confidentiality and security of protected health information (PHI) whenever that data is received, stored, handled, transferred, or shared.
HIPAA Security also addresses the safeguards that must be implemented in order to protect the client data. These required procedures must be followed at all times and apply to all forms of PHI, including paper, oral, electronic, etc. Furthermore, organizations are only allowed to use or share the minimum health information necessary to conduct business.
HIPAA is divided into 5 separate titles.
Title I — HIPAA Health Insurance Reform
Protects health insurance coverage for workers and their families when they change or lose their jobs.
Title II — HIPAA Administrative Simplification
Required the Department of Health and Human Services to establish national standards for electronic health care transactions, as well as national identifiers for providers, health plans, and employers. Title II also addressed the privacy and security of client’s health data.
Title III — HIPAA Tax Related Health Provisions
Provides for certain deductions for medical insurance, and makes other changes to health insurance law.
Title IV — Application and Enforcement of Group Health Plan Requirements
Specifies conditions for group health plans regarding coverage of persons with pre-existing conditions, and modifies continuation of coverage requirements.
Title V — Revenue Offsets
Includes provisions related to company-owned life insurance, treatment of individuals who lose U.S. Citizenship for income tax purposes, and repeals the financial institution rule to interest allocation rules.
In summary, HIPAA guidelines:
- Mandate industry-wide standards for health care information on electronic billing and other processes.
- Requires the protection and confidential handling of all PHI.
- Enables millions of American workers and their families to transfer and continue health insurance coverage whenever they lose or change their employment.
- Help reduce health care abuse and fraud.
Whether you’re an actual healthcare provider or a business associate that deals with customer PHI and data, you have to ensure that you’re compliant with HIPAA regulations.
HIPAA & Data Storage
With the increasing widespread adoption of cloud computing solutions, those organizations that are covered under HIPAA have started questioning whether or not they can take advantage of cloud computing while complying with the regulations. And if so, how?
As such, MSPs and CSPs are finding themselves questioning whether they themselves must be compliant, as well as encountering an increasing amount of both current and potential clients with compliance questions and/or outright requiring HIPAA compliant hosting services.
Whenever a HIPAA covered organization engages the services of an MSP or CSP to store, create, receive, maintain, or transmit PHI on its behalf, under HIPAA the provider is considered to be a business associate. This means that if your organization provides, or hopes to provide, hosting services to entities covered under HIPAA regulations, you must follow the guidelines, rules, and stipulations as well.
This is true even if you simply process or store only encrypted PHI and lack an encryption key for the data. Simply lacking an encryption key doesn’t exempt you from that business associate status and the obligations that go along with it under the HIPAA rules. Additionally, both you and the client must enter into a HIPAA-compliant business associate agreement (BAA) which makes you contractually liable for meeting the terms of the BAA, as well as directly liable for compliance with the applicable requirements of the HIPAA rules.
So, What is HIPAA Compliant Hosting?
HIPAA compliant hosting is a server based solution. This is the perfect answer for organizations that either don’t have the capability or simply don’t want to have any of the hardware or data locally stored in-house. The database servers as well as web and application servers are all located in the data center(s) of a HIPAA Compliant Hosting provider and data is accessed through the cloud from anywhere the client have an internet connection.
At a minimum, your HIPAA Compliant Hosting Solution should also include a Database Server, Firewall, and Web or Application Server. Additionally, your HIPAA hosting solution should provide:
- Data encryption for both Data In Transit and Data at Rest
- Managed Firewall Protection & VPN Access
- Advanced 24/7/365 Data Center Infrastructure, Security Services & Access Controls
- SSL certificate for users accessing the website
- Two-Factor Authentication Support
- Restricted document printing
- Prohibiting users from saving data to external drives
- Vulnerability assessments
Your HIPAA Solution
Whether you’re an entity covered by HIPAA rules or you’re an MSP or CSP looking to expand your service offerings, Connectria has the expertise, certifications, and experience you require. We meet and even exceed the requirements outlined above and there’s more than one reason why we’re a leader in the industry.
For those with multiple cloud instances or service providers looking to partner with a HIPAA compliant hosting provider, we have another rather enticing benefit that may make you want to contact us today. With our TRiA Cloud Management Platform, you get a fantastic tool that is a single pane of glass view and gives you everything you need to manage all of your cloud environments from a centralized dashboard.
With TRiA, you can monitor security and compliance against a wide range of frameworks and regulations including HIPAA, PCI, GDPR, NIST, ISO 27001, and more. TRiA is also the only Cloud Management Platform (CMP) that enables you to manage multiple clouds, from today’s hyper-scale AWS, Azure and GCP clouds to legacy IBM i environments through x86 and more under a single dashboard-driven platform.
Simply put, there isn’t another CMP in the market that is as robust as the TRiA Cloud Management Platform. Sign up for a free trial or visit our website for more information on how Connectria can help you meet your HIPAA, cloud hosting, or cloud management requirements.