Colocation America is proud to announce that it has passed the Health Insurance Portability and Accountability Act (HIPAA) audit. Our data centers are now in compliance with all 19 HIPAA standards, which means we can provide secure server hosting for all of our clients, especially those in the healthcare industry. After a rigorous revamp of our data center, protected health information (PHI) is now stored and hosted online in accordance with HIPAA hosting standards. We provide a dedicated firewall to prevent network threats and unauthorized access to sensitive patient health records, as well as training for our data center technicians to follow proper HIPAA compliance protocols. PHI is stored encrypted to prevent unauthorized access. All of our servers are diligently monitored by trained IT personnel, and our clients are alerted to any unauthorized access to their servers. Furthermore, a documented disaster recovery plan is in place to ensure that important data can be recovered in case of an unexpected data center disaster.
HIPAA Omnibus Rule

Updates to HIPAA compliance went into effect on September 23, 2013. The Omnibus Rule now holds all third-party contractors responsible for any data breach that may occur. This includes any subcontractors, entities, or persons who transmit or receive protected health information (PHI). Previously, all liability was assumed by the hosting provider and not by the business associates who directly or indirectly entered into a service agreement with the hosting provider. The HIPAA Omnibus Rule extends this liability to subcontractors and business associate agreements (BAA) to ensure patient information is handled with the utmost integrity and discretion. Colocation America takes all necessary precautions to protect patient information as stipulated by the Omnibus Rule and now holds all third-party subcontractors liable for any breach that may take place.
Secure Hosting for Protected Data

In order for a data center to be HIPAA compliant, it must first pass a rigorous audit to ensure that the facility follows the Code of Federal Regulations (CFR) set by HIPAA inspectors. The inspectors take a detailed look into the inner workings of a data center to ensure that any and all data stored inside is protected and available only to those authorized to view it. They also check whether a Business Associate Agreement (BAA) is in place between the hosting provider and any client whose data is PHI. Any violation of a patient’s PHI is reported to the Office of Civil Rights (OCR). A Business Associate Agreement binds employees of both parties to report any such violations.
Data centers must provide adequate security measures to protect the data of their clients. These security measures include:
- SSL Certificates & HTTPS – All web-based access to a patient’s PHI is encrypted and secured to prevent unauthorized connections.
- AES Encryption – The Advanced Encryption Standard is used to encrypt PHI stored on dedicated servers.
- Virtual or Dedicated Private Firewall Services – A secure firewall prevents any unauthorized access to protected files.
- Remote VPN Access – Those with proper credentials can access the protected network from a remote computer.
- Disaster Recovery – A documented backup and recovery plan in case of lost PHI or server malfunction.
- Dedicated IP Address – A private IP address that is cut off from the public Internet.
- Redundant, isolated, and secure database and web servers.
- High-speed connectivity with hardware that can run a variety of software and applications for communication with multiple types of devices.
- A separate test server.