Colocation America is proud to announce that it has passed the Health Insurance Portability and Accountability Act (HIPAA) audit. Our data centers are now in compliance with all 19 HIPAA requirements, which means we can provide secure, HIPAA compliant server hosting for all of our clients, especially those in the healthcare industry.
After a rigorous revamp of our data center, protected health information (PHI) is now stored and hosted online in accordance with HIPAA hosting standards. We provide a dedicated firewall to prevent network threats and unauthorized access to sensitive patient health records, as well as training for our data center technicians to follow proper HIPAA compliance protocols.
PHI is stored encrypted to prevent any unauthorized access. All of our servers are diligently monitored by trained IT personnel, and our clients are alerted to any unauthorized access to their servers. Furthermore, a documented disaster recovery plan is in place to ensure that important data can be recovered in case of an unexpected data center disaster.
What Is HIPAA?
In order for a data center to be HIPAA compliant, it must first pass a rigorous audit to ensure that the facility follows the Code of Federal Regulations (CFR) as applied by HIPAA inspectors. The inspectors take a detailed look into the inner workings of a data center to ensure that any and all data stored inside are protected and available only to those authorized to view them.
They also check that a Business Associate Agreement (BAA) is in place between the hosting provider and any client whose data is PHI. Any violation involving a patient’s PHI is reported to the Office of Civil Rights (OCR). A Business Associate Agreement binds the employees of both parties to report any such violations.
What Are the HIPAA Compliance Requirements?
Data centers must provide adequate HIPAA data security measures to protect the data of their clients. These security measures include:
- SSL Certificates & HTTPS – All types of web-based access to a patient’s PHI are encrypted and secure to prevent unauthorized connections.
- AES Encryption – The Advanced Encryption Standard is used to encrypt PHI stored on dedicated servers.
- Virtual or Dedicated Private Firewall Services – A secure firewall prevents any unauthorized access to protected files.
- Remote VPN Access – Those with proper credentials are able to access the protected network from a remote computer.
- Disaster Recovery – A documented backup and recovery plan in case of lost PHI or server malfunction.
- Dedicated IP Address – A private IP address that is cut off from the public Internet.
- Redundant, isolated, and secure database and web servers.
- A high speed connection with hardware that can run a variety of software and applications for communication with multiple types of devices.
- Separate Test Server
What Are the HIPAA Encryption Requirements?
- Encryption and Decryption – 164.312(a)(2)(iv): Implement a method to encrypt and decrypt electronic protected health information.
- Encryption – 164.312(e)(2)(ii): Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.
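The two encryption requirements above, together with the AES bullet in the previous list, say what must be done but not what a correct implementation looks like. The following is an added illustration (not Colocation America's own code) of one way to encrypt and decrypt a single ePHI record at rest with AES-256-GCM from Go's standard library. The record, its ID and the key are constructed sample values; in a real deployment the key would come from a KMS or HSM rather than being generated in the application, and that key-management layer is assumed here, not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncryptPHI seals one ePHI record with AES-256-GCM (authenticated encryption).
// The returned blob is nonce || ciphertext || tag, so a single value can be
// stored per record. aad (here the record ID) is authenticated but not
// encrypted, which binds the ciphertext to the row it belongs to.
func EncryptPHI(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes; 32 = AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a nonce must never repeat under one key
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce slice, giving nonce || ct || tag.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// DecryptPHI reverses EncryptPHI. Any change to the blob, a wrong key, or a
// mismatched aad makes Open fail, so tampering is detected instead of being
// silently decrypted into garbage.
func DecryptPHI(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// NewKey returns a random 256-bit data-encryption key. Assumption: in
// production this is replaced by a key fetched from a KMS/HSM.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	record := []byte(`{"patient":"Jane Doe","dx":"constructed sample"}`) // constructed PHI
	id := []byte("record-0001")                                          // constructed record ID

	blob, err := EncryptPHI(key, record, id)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptPHI(key, blob, id)
	fmt.Printf("round trip ok: %v\n", err == nil && string(pt) == string(record))

	// Flip one bit of the stored blob: the GCM tag no longer verifies.
	blob[len(blob)-1] ^= 0x01
	_, err = DecryptPHI(key, blob, id)
	fmt.Printf("tamper detected: %v\n", err != nil)
}
```

Using the record ID as additional authenticated data means a ciphertext copied from one patient's row into another's fails to decrypt, which is a cheap way to catch the class of storage-level mix-ups that an unauthenticated mode such as AES-CBC would not notice.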
What Is the HIPAA Omnibus Rule?
Updates to HIPAA compliance went into effect on September 23, 2013. The Omnibus Rule now holds all third-party contractors responsible for any data breach that may occur. This includes any subcontractors, entities, or persons who transmit or receive protected health information (PHI). Previously, all liability was assumed by the hosting provider and not by the business associates who directly or indirectly entered into a service agreement with the hosting provider.
The HIPAA Omnibus Rule extends this liability to subcontractors and business associate agreements (BAAs) to ensure patient information is handled with the utmost integrity and discretion. Colocation America takes all necessary precautions to protect patient information as stipulated by the Omnibus Rule and now holds all third-party subcontractors liable for any breach that may take place.
HIPAA Compliance Data Center and the Health Industry
Adopting an electronic medical record system is a great way for hospitals, doctors’ offices, clinics, or any other type of business in the healthcare industry to easily share information with each other. An electronic medical record system speeds up the process when dealing with insurance companies by allowing patients’ medical records to be accessed online.
Insurance companies do not have to call and wait for businesses to fax over important documents. Doctors can share patient information such as scans, diagnoses, or medical records over a high speed Internet connection. Having an online server provides a medical database for doctors to cross-reference and for insurance companies to speed up the paperwork.
Are There Government Incentives for HIPAA Compliant Hosting?
The American Recovery and Reinvestment Act (ARRA) was signed into effect in 2009 to upgrade the network infrastructure of healthcare institutions. The act aims to provide healthcare organizations with funding to transition from paper health records to electronic health records.
Under the ARRA, the Health Information Technology for Economic and Clinical Health Act, or HITECH Act, gives financial incentives to healthcare businesses looking to transition to electronic health records in the hope of improving the way they send and retrieve information. Physicians and medical offices can qualify for a $44,000 government grant over a 5 year period if they shift towards utilizing dedicated servers to host electronic health records.
Offices that accept Medicaid can receive up to $63,700 in government grants over a 6 year period. As healthcare facilities try to meet the new standards set forth by these acts, they discover that operating an in-house data center is not a cost effective solution. HIPAA officials impose hefty fines on those that do not follow proper security guidelines.
With that said, it is cost efficient to purchase hosting services from a HIPAA compliant data center. If both the healthcare business and the hosting provider are already HIPAA certified, further cost can be saved by forgoing expensive HIPAA audits. Establishing a Business Associate Agreement between the hosting provider and its clients legally binds both parties to follow HIPAA rules.