Thursday 5 March 2015

Hosting Requirements to Link with HIPAA - Things You Need To Know

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a federal law that makes people's lives easier by protecting the confidentiality of their health information, letting them keep their health insurance, helping the healthcare industry control administrative costs and securing healthcare information. Under the security guidelines set by HIPAA, not only covered entities but also their business associates are required to meet the national standards for technical, physical and administrative security of health information.
To keep protected data secure, applications will obviously have to be managed, transmitted and stored using HIPAA compliant hosting. But what are the HIPAA hosting requirements that make this possible?
The HIPAA Security Rule calls for the following safeguards in order to meet compliance:
  • physical safeguards
  • administrative safeguards
  • technical safeguards

Normally, HIPAA hosting meets only the requirements for physical safeguards. This means that HIPAA hosting alone will not make an application HIPAA compliant. All hosting providers who handle protected HIPAA data are required to sign a "Business Associate Agreement". This ensures that the service provider safeguards, uses and discloses patients' personally identifiable information properly.
Furthermore, the hosting provider must comply with the HIPAA hosting requirements dictated by the HIPAA Security Rule. These include the following:
  • Media Re-use: They must follow procedures for removing ePHI from electronic media before the media is made available for re-use.
  • Workstation Use: They must follow policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.
  • PHI Disposal: They must follow implemented policies and procedures that address the final disposal of ePHI, and of the hardware and electronic media on which it is stored.
  • Workstation Security: They should implement physical safeguards for all workstations that can access ePHI, and for the electronic media or hardware on which ePHI is located or stored.

All of the requirements stated above must be implemented by every company that wants to operate in the world of HIPAA. The company must document its decision on whether or not to implement each one, along with the reasoning behind it. Generally speaking, however, HIPAA hosting companies must implement them in addition to the required physical specifications. These become the best practices that ultimately contribute to the security of sensitive data.

Complying with the HIPAA hosting requirements enables the protection of data security; requirements such as failure handling, server access and data redundancy are only a portion of the whole. While there is no question about using HIPAA compliant hosting, it is only the first step toward ensuring that the HIPAA requirements are met.

Sunday 1 July 2012

HIPAA Hosting with Amazon Web Service

Among the zillion costly HIPAA hosting providers, AWS is one of the best and most affordable options. The hosting market is so cluttered with advertisements that a lot of good services like Amazon get hidden. Unfortunately, it is also because Amazon doesn't offer a business-ready HIPAA solution: whoever wants HIPAA hosting needs to rent the infrastructure and build on it on their own. Yes, it is a bit complex, but the cost would be much less than buying it from another hosting provider. Apart from that, you also get the flexibility to design the mechanisms according to the needs of your organization. If you are good with cloud service programming, then by using services like Elastic Cloud and Amazon DB you could design the perfect HIPAA compliant hosting service for your enterprise. After creating the basic hosting infrastructure, all you have to do is add the security configurations necessary under the HIPAA guidelines; this step involves adding secure storage, automated periodic back-ups and encryption on the fly. Most of these services are already provided by Amazon Web Services.
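As an added example that is not from the post, here is how the "secure storage, automated periodic back-up and encryption on the fly" step described above could be laid out on AWS with Terraform. It assumes a recent AWS provider (5.x); the bucket and database names are placeholders.

```hcl
# Added example, not from the post: ePHI storage on AWS with encryption at rest,
# recoverable history and daily automated backups. Names are placeholders.
resource "aws_s3_bucket" "phi" {
  bucket = "example-phi-bucket" # placeholder name
}

# Encryption at rest for every object written to the bucket.
resource "aws_s3_bucket_server_side_encryption_configuration" "phi" {
  bucket = aws_s3_bucket.phi.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Versioning keeps prior copies, so overwritten or deleted records are recoverable.
resource "aws_s3_bucket_versioning" "phi" {
  bucket = aws_s3_bucket.phi.id
  versioning_configuration {
    status = "Enabled"
  }
}

# No path for the bucket to become world-readable through an ACL or a policy.
resource "aws_s3_bucket_public_access_block" "phi" {
  bucket                  = aws_s3_bucket.phi.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Managed database for patient records: encrypted volume, daily automated
# backups retained for seven days, and not reachable from the Internet.
resource "aws_db_instance" "phi" {
  identifier                  = "example-phi-db" # placeholder name
  engine                      = "postgres"
  instance_class              = "db.t3.micro"
  allocated_storage           = 20
  username                    = "phiadmin"
  manage_master_user_password = true # credential generated and kept in Secrets Manager, never in code
  storage_encrypted           = true
  backup_retention_period     = 7
  publicly_accessible         = false
  skip_final_snapshot         = false
  final_snapshot_identifier   = "example-phi-db-final" # placeholder name
}
```

Encryption of data in transit to the application tier is a separate step (TLS on the load balancer and database connections) and is not shown here.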

Monday 2 April 2012

Checking HIPAA Hosting Compliance - 3 Essential Qualities

HIPAA compliant storage management is fundamentally concerned with a few important qualities that you must follow. The main point a health organization should understand is that a person's privacy is preserved with the utmost confidentiality and that the data is quickly accessible in any situation. The following three qualities are required for HIPAA compliant storage.
  • Data Integrity: data storage is done in the most systematic manner. There shouldn't be any data duplication in the system, and all storage must be optimized for reduced database usage. Integrity can be technically associated with the concept of 'normalization' in the database, i.e. database tables are designed with special attention to avoiding data duplication; the actual data is stored in one place, although it can be accessed and displayed in several places.
  • Availability of Data: in a medical environment the data should be available even when a contingency happens suddenly. One solution is storing data off-site in another environment and taking automated back-ups every day.
  • Confidentiality: the electronic Patient Health Record (ePHR) must be stored in a secure environment, protected from external intrusion attempts and encrypted on the fly. Only the permitted data must be accessible, and only to the people permitted to access it.

In IT, the technologies used to implement these features change rapidly over time. However, choosing a good one that has worked well for the past few years would be fine.

Monday 12 March 2012

How To Find The Best HIPAA Compliant Hosting Provider For Your Health Center?

Due to the parallel growth of IT in the health sector, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become a vital part of all technology implementations in a healthcare institution. HIPAA compliant web hosting is necessary when you want to host your patients' records and files on a server. HIPAA compliance makes it very strict to allow access to patient health information (PHI) only to the persons who are meant to have it. It also implements other security methods: encryption of data on the network, intrusion detection and logging of operations on the system. Currently, there are several top-notch hosting providers with HIPAA compliance. Researching each of their features deeply would help you find the right one that suits your healthcare institution and save you the cost of leasing an expensive hosting service. Stay tuned for the analysis reports on each HIPAA compliant hosting provider!

There are dozens of such compliant hosting providers popping up every month. An analysis of some of the best HIPAA compliant hosting providers reveals staggering differences in their prices. This area of hosting is a gold mine for hosting providers. The HIPAA documentation doesn't specify 'technically' how the procedures in the law should be implemented (e.g. for encryption of stored data, the HIPAA documentation does not specify exactly which algorithm to follow). This cramps the people at health institutions who are less familiar with computing terms. This unawareness is often exploited by hosting providers, who charge high fees for small services. Unless you want to see a hefty hosting bill every month, it's better to have an audit conducted by a trusted HIPAA expert and estimate the actual cost before signing up for a plan.

Should I hire a system admin and maintain my own HIPAA compliant system, or sign up for a full-package service from an external vendor?

First, there is no one-size-fits-all solution for HIPAA compliant hosting. You'll have a custom database, services etc. even if you are going to get the service directly from a vendor. But this will, of course, be far cheaper and more reliable than hiring a sysadmin and setting up your own systems.

I've been investigating more HIPAA compliant hosting services and found this useful discussion on YCombinator News. YCombinator is one of the world's best start-up incubators, and recently there have been new companies focusing on HIPAA related services. It will be a good bet to get services from one of these new service providers since they'll be very responsive and much more affordable. If you go to the thread you can directly find some contact info of company owners and talk to them about a special plan that suits you. Soon, I'll try to list the HIPAA providers discussed in this YC thread.