Colocation America is proud to announce that it has passed the Health Insurance Portability and Accountability Act (HIPAA) audit. Our data centers are now in compliance with all 19 HIPAA requirements, which means we can provide secure, HIPAA-compliant server hosting for all of our clients, especially those in the healthcare industry. After a rigorous revamp of our data center, protected health information (PHI) is now stored and hosted online in accordance with HIPAA hosting standards. We provide a dedicated firewall to prevent network threats and unauthorized access to sensitive patient health records, as well as training for our data center technicians to follow proper HIPAA compliance protocols. PHI is stored encrypted to prevent unauthorized access. All of our HIPAA-compliant servers are diligently monitored by trained IT personnel, and our clients are alerted to any unauthorized access to their HIPAA servers. Furthermore, a documented disaster recovery plan is in place to ensure that important data can be recovered in case of an unexpected data center disaster.
What Is HIPAA?
In order for a data center to be HIPAA compliant, it must first pass a rigorous audit to ensure that the facility follows the Code of Federal Regulations (CFR) requirements that HIPAA inspectors apply. The inspectors take a detailed look into the inner workings of a data center to ensure that any and all data stored inside are protected and available only to those authorized to view them. They also check whether a Business Associate Agreement (BAA) is in place between the hosting provider and any client whose data is PHI. Any violation involving a patient's PHI is reported to the Office for Civil Rights (OCR). A Business Associate Agreement binds employees of both parties to report any such violations.
What Are the HIPAA Compliance Requirements for Data Storage?
Data centers must provide adequate HIPAA data security measures to protect the data of their clients. These security measures include:
- SSL Certificates & HTTPS – All web-based access to a patient's PHI is encrypted and secured to prevent unauthorized connections.
- AES Encryption – The Advanced Encryption Standard is used to encrypt PHI stored on dedicated servers.
- Virtual or Dedicated Private Firewall Services – A secure firewall prevents unauthorized access to protected files.
- Remote VPN Access – Those with proper credentials can access the protected network from a remote computer.
- Disaster Recovery – A documented backup and recovery plan in case of lost PHI or server malfunction.
- Dedicated IP Address – A private IP address that is cut off from the public Internet.
- Redundant, isolated, and secure database and web servers.
- A high-speed connection with hardware that can run a variety of software and applications for communication with multiple types of devices.
- A separate test server.
What Are the HIPAA Encryption Requirements?
Just as with PCI DSS compliance, to be certified as a HIPAA-compliant data center one must follow strict encryption and decryption guidelines. From hipaacentral.com:
- Encryption and Decryption - 164.312(a)(2)(iv): Implement a method to encrypt and decrypt electronic protected health information.
- Encryption - 164.312(e)(2)(ii): Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.