HIPAA Compliant Data Centers | Colocation America
Colocation America is proud to announce that it has passed the Health Insurance Portability and Accountability Act (HIPAA) audit. Our data centers are now in compliance with all 19 HIPAA standards, which means we can provide secure server hosting service for all of our clients, especially those in the healthcare industry. After a rigorous revamp of our data center, protected health information (PHI) is now stored and hosted online in accordance with HIPAA hosting standards. We provide a dedicated firewall to prevent network threats and unauthorized access to sensitive patients' health records, as well as training for our data center technicians to follow proper HIPAA compliance protocols.
PHI is stored as encrypted data to prevent any unauthorized access. All of our servers are diligently monitored by trained IT personnel, and our clients are alerted to any unauthorized access to their servers. Furthermore, a documented disaster recovery plan is in place to ensure that important data can be recovered in case of an unexpected data center disaster.
Secure Hosting for Protected Data
In order for a data center to be HIPAA compliant, it must first pass a rigorous audit to ensure that the facility follows the Code of Federal Regulation (CFR) set by HIPAA inspectors. The inspectors take a detailed look into the inner workings of a data center to ensure that any and all data stored inside is protected and only available to those authorized to view it. They also check whether a Business Association Agreement (BAA) is in place between the hosting provider and clients whose data is PHI. Any violation of a patient's PHI is reported to the Office of Civil Rights (OCR). A Business Association Agreement binds employees of both parties to report any such violations.
Data centers must provide adequate security measures to protect the data of their clients. These security measures include:
- SSL Certificates & HTTPS - All types of web-based access to a patient's PHI are encrypted and secure to prevent unauthorized connections.
- AES Encryption - Advanced Encryption Standard used to encrypt PHI stored on dedicated servers.
- Virtual or Dedicated Private Firewall Services - A secure firewall will prevent any unauthorized access to protected files.
- Remote VPN Access - Those with proper credentials will be able to access the protected network using a remote computer.
- Disaster Recovery - A documented backup recovery plan in case of lost PHI or server malfunction.
- Dedicated IP Address - Private IP address that is cut off from the public Internet.
- Redundant, Isolated, and Secure database and web servers
- High-speed connection with hardware that can run a variety of software and applications for communication with multiple types of devices.
- Separate Test Server
HIPAA Compliance Data Center and the Health Industry
Adopting an electronic medical record system is a great way for hospitals, doctors' offices, clinics, or any other type of business in the healthcare industry to easily share information with each other. An electronic medical record system speeds up the process when dealing with insurance companies by allowing patients' medical records to be accessed online. Insurance companies do not have to call and wait for businesses to fax over important documents. Doctors can share patients' information such as scans, diagnoses, or medical records through the use of a high-speed internet connection. Having an online server provides a medical database for doctors to cross-reference and for insurance companies to speed up the paperwork.
Government Incentives for HIPAA Compliant Hosting
The American Recovery and Reinvestment Act (ARRA) was signed into effect in 2009 to upgrade the network infrastructure of healthcare institutions. The act aims to provide healthcare organizations with funding to transition from paper health records to electronic health records. Under the ARRA, the Health Information Technology for Economic and Clinical Health Act, or HITECH Act, gives financial incentives to healthcare businesses looking to transition to electronic health records in the hopes of improving the way they send and retrieve information. Physicians and medical offices can qualify for a $44,000 government grant over a 5-year time period if they shift towards utilizing dedicated servers to host electronic health records. Offices that accept Medicaid can receive up to $63,700 in government grants over a 6-year time period.
As healthcare facilities try to meet new standards set forth by these acts, they discover that operating an in-house data center is not a cost-effective solution. HIPAA officials impose hefty fines on those that do not follow proper security guidelines. With that said, it is cost-efficient to purchase hosting services from a HIPAA compliant data center. If both the healthcare business and the hosting provider are already HIPAA certified, further costs can be saved by forgoing expensive HIPAA audits. Establishing a Business Association Agreement between the hosting provider and its clients will legally bind both parties to follow HIPAA rules.