HIPAA Compliant Hosting: Keys to a Solid Provider

Healthcare organizations frequently turn to managed service providers (MSPs) to manage their cloud solution. MSPs are crucial to ensuring that the healthcare organization maintains a secure and HIPAA compliant hosting infrastructure. How can you be certain that your MSP meets and exceeds the technical, physical, and administrative safeguards necessary to protect your data and keep your company compliant?

Business Associate Agreement
A Business Associate Agreement (BAA) is meant to establish a clear delineation of responsibility around the security of your data and the liabilities, including civil and criminal penalties, where HIPAA compliance is concerned. A clear understanding of what you are and are not responsible for must be outlined. Look for a hosting company that is willing to sign a BAA.

The right MSP will maintain certifications from third-party auditors that attest to their high level of security and compliance expertise. A well-qualified MSP will also have extensive experience working with healthcare organizations and their regulatory challenges, including those related to the HITECH Act and the Omnibus Rule. Ask about certifications and external audits, as well as how often certification is renewed.

On-going auditing and reporting
The HIPAA Security Rule requires “regular” environmental audits for security threats, but does not specifically define “regular”. Monthly or quarterly security audits are the standard to keep your information fully secure and compliant.

Disaster recovery plan and Business continuity plan
An MSP must anticipate how natural disasters, security attacks, or other events could impact their systems and security, and develop response policies and plans. Ask about their fail-safes and redundancies. Are there multiple power sources and back-ups in place to keep your data accessible? How reliable are their network connections?

Excellent Support Services
Data back-up protection, continuous monitoring, and 24/7/365 live support are essential, as is reliable, fast assistance in the replacement of critical equipment. Is the support line automated or fully staffed? Will you be able to speak directly with high-level engineers? What is the wait time on replacing critical business infrastructure?

Although most MSPs offer the same basic services – cloud design, migration, and maintenance – it is the security expertise and ability to build compliant solutions that will matter the most. For more information on our HIPAA compliant solutions, please contact us.