Compliance hosting is when an IT hosting company customizes a hosted solution so that it complies with a certain regulation, such as PCI DSS or SOX.
HIPAA compliance hosting, of course, is a hosted solution that has been customized to comply with the IT requirements of the Health Insurance Portability and Accountability Act.
Hosted solutions that can be made HIPAA compliant include hosted virtual desktops, hosted virtual and dedicated servers, hosted Terminal Services/Remote Desktop Services servers, and standalone hosted applications such as hosted EMR/EHR software and hosted SharePoint.
HIPAA, if you’re not familiar with it, is a federal law that requires most healthcare organizations (including healthcare providers such as hospitals and physicians’ offices, health insurance companies, and health care clearinghouses) to ensure the privacy and security of patients’ information.
Organizations can be penalized up to $1.5 million per year for every HIPAA requirement that they violate. The Department of Health and Human Services (HHS) also publicizes violations and the resulting penalties on its website.
HIPAA Security and Data Loss Prevention Measures
A HIPAA-compliant hosted solution usually includes some or all of the following security and data loss prevention measures:
- An authentication system that requires each person with access to the solution to select a unique username and password, and to log in before accessing the solution
- Two-factor authentication (which requires users to log in with both a password and a temporary code that’s texted to their phone number after they’ve entered the correct password)
- Automatically enforced password strength requirements (including minimum length and the required use of symbols, numbers, and upper and lowercase letters), and requiring users to change their passwords after a certain number of days (usually 90)
- Network and system security measures such as firewalls, intrusion detection and prevention systems (IDS/IPS), network segmentation, spam filtering, content filtering, in-transit and at-rest encryption, patch management, and antivirus software
- Physical security measures at the hosting company’s data centers such as unlisted and nondescript buildings, locked metal doors, biometric access panels (finger and palm print readers and eye scanners), security guards, alarms, closed-circuit video surveillance cameras, server cages, and mandatory check-ins, IDs, and escorts for all visitors
- Around-the-clock monitoring of the hosted solution’s security by the hosting provider’s personnel, who’ll immediately respond to any security issues that they find
- A data backup system that automatically backs up all of the solution’s data on a regular basis
- Logging of all user login attempts and other significant actions
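The authentication-related measures above (unique accounts, enforced password strength, rotation after a set number of days, and logging of every login attempt) are easy to describe but easy to get subtly wrong. The following is an added example, not code from the article or from any hosting provider, showing one way to implement them together: a policy check that reports every rule a password fails, an expiry check, salted PBKDF2 storage so plaintext passwords are never kept, and a JSON audit record for every attempt whatever its outcome. The concrete values (12-character minimum, 90-day rotation, the PBKDF2 round count) and the usernames, passwords and source address are assumptions constructed for the example.

```python
import hashlib
import hmac
import json
import os
import re
from datetime import datetime, timedelta, timezone

# Concrete policy values are assumptions for this example; the article states
# the rules only qualitatively (minimum length, character classes, ~90 days).
MIN_LENGTH = 12
MAX_PASSWORD_AGE = timedelta(days=90)
PBKDF2_ROUNDS = 200_000


def check_password_strength(password: str) -> list:
    """Return the policy rules the password fails; an empty list means it passes."""
    rules = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (re.search(r"[A-Z]", password), "no uppercase letter"),
        (re.search(r"[a-z]", password), "no lowercase letter"),
        (re.search(r"[0-9]", password), "no digit"),
        (re.search(r"[^A-Za-z0-9]", password), "no symbol"),
    ]
    return [msg for ok, msg in rules if not ok]


def password_expired(last_changed: datetime, now: datetime) -> bool:
    """Rotation rule: a password older than MAX_PASSWORD_AGE must be changed."""
    return now - last_changed >= MAX_PASSWORD_AGE


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the account store never keeps the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def register_user(store: dict, username: str, password: str, changed_at: datetime) -> None:
    """Add an account to the (constructed, in-memory) store if the password passes policy."""
    failures = check_password_strength(password)
    if failures:
        raise ValueError("password rejected: " + ", ".join(failures))
    salt = os.urandom(16)
    store[username] = {"salt": salt, "hash": hash_password(password, salt),
                       "changed_at": changed_at}


# Dummy credentials so unknown usernames cost the same as wrong passwords;
# otherwise response time would reveal which usernames exist.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("not-a-real-password", _DUMMY_SALT)


def attempt_login(store: dict, audit: list, username: str, password: str,
                  now: datetime, source_ip: str) -> str:
    """Verify credentials, enforce rotation, and append one JSON audit record per attempt.

    Returns one of: "success", "password_expired", "bad_password", "unknown_user".
    """
    user = store.get(username)
    salt = user["salt"] if user else _DUMMY_SALT
    expected = user["hash"] if user else _DUMMY_HASH
    matches = hmac.compare_digest(hash_password(password, salt), expected)

    if user is None:
        outcome = "unknown_user"
    elif not matches:
        outcome = "bad_password"
    elif password_expired(user["changed_at"], now):
        outcome = "password_expired"  # right password, but rotation is overdue
    else:
        outcome = "success"

    # Every attempt is logged, successful or not, with the outcome reason.
    audit.append(json.dumps({"ts": now.isoformat(), "event": "login", "user": username,
                             "outcome": outcome, "src": source_ip}))
    return outcome


if __name__ == "__main__":
    # Constructed sample accounts and attempts; "nurse.kim" is 120 days past rotation.
    now = datetime(2024, 5, 1, tzinfo=timezone.utc)
    store, audit = {}, []
    register_user(store, "dr.lee", "Stethoscope-2024!", now - timedelta(days=10))
    register_user(store, "nurse.kim", "Bandage#Rounds77", now - timedelta(days=120))
    for user, pw in [("dr.lee", "Stethoscope-2024!"), ("dr.lee", "wrong"),
                     ("nurse.kim", "Bandage#Rounds77"), ("ghost", "whatever")]:
        print(user, "->", attempt_login(store, audit, user, pw, now, "198.51.100.7"))
    print("\n".join(audit))
```

Two design points worth noting: the audit record is written on every path, including failures, because a log that only records successes cannot show a brute-force run or a lockout condition; and the expiry check runs only after the password has matched, so an attacker cannot learn from the response whether a rotation is overdue without already knowing the password.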
Beyond making your hosted solution HIPAA compliant, HIPAA compliance hosting offers other benefits:
Fewer IT management hassles
With HIPAA compliance hosting, most hosting companies will set up, manage, and maintain the hosted solution for you. They’ll purchase and set up the hosting hardware and software, deploy the solution, and implement and maintain all of the necessary security and data loss prevention measures. That includes authentication systems, network and system security measures, around-the-clock monitoring, and automated data backups.
It’s often more affordable for healthcare organizations to sign up for HIPAA compliance hosting than it is for them to deploy the solution in-house in a compliant way.
This is mainly because with HIPAA compliance hosting you share the cost of the hosting company's security and data loss prevention measures (enterprise-level authentication systems, data backup systems, 24x7x365 system and network monitoring, alarm response, and so on) with the hosting company's other customers.
So you only pay a small percentage of the total cost of these measures, whereas if you implemented a HIPAA-compliant solution in-house you'd be responsible for 100 percent of the costs.
The security measures included with a HIPAA-compliant hosted solution not only make the solution compliant with HIPAA, they also protect your organization from costly and disruptive security breaches.
Hosted solutions such as hosted desktops and hosted applications can be accessed from anywhere from any Internet-connected computer, tablet, or smartphone.
Among other things, this allows healthcare workers to access their applications and files outside the workplace: doctors can complete some of their work from the comfort of home, for example, or access patients' records and give diagnosis or treatment advice when they are unable to make it to the hospital or office.
Doctors can also access their applications and files from a tablet that they carry with them rather than logging in to a different PC in each examination room. It also enables healthcare organizations to outsource some of their work to remote employees to improve quality or reduce costs.
For example, the analysis of medical imaging tests can be outsourced to a doctor in another area because there aren't any qualified specialists locally or because the local ones are too expensive.
Hosted solutions are scalable, which means that you can add (or remove) any number of users and resources such as vCPUs, RAM, and storage space quickly and easily.
This makes it quicker and easier for healthcare organizations to supply new hires with the IT resources they need to do their jobs.
It also makes it easier for healthcare organizations to add IT resources as they expand, and to reduce them when downsizing without getting stuck with unused, expensive hardware.
To sign up for HIPAA compliance hosting, simply contact an IT hosting company that offers it and that’s capable of meeting all of your IT requirements and preferences.