HIPAA Compliant Cloud Hosting and Colocation

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) combine to implement strict requirements for all health providers when dealing with patient privacy and the security of protected health information (PHI). Security breaches can result in severe fines or even jail time.

Read how HIPAA impacts providers | See how Green House Data is compliant | Our HIPAA compliant services

Use of electronic health records (EHR) more than tripled from 2001 to 2011. As more hospitals, pharmacists, doctors and other health providers switch from paper/physical records to EHR, they must comply with new security measures as implemented by HIPAA and HITECH. Many health organizations are also migrating to the cloud for convenient storage and hosting of ePHI and EHR systems. When choosing a cloud provider it is more important than ever to select a fully compliant and secure facility.

What does HIPAA mean for health providers' IT departments?

HIPAA and HITECH are designed to protect "individually identifiable health information", which is anything that can be tied to an individual, including names, social security numbers, etc. This information must be secured if it is (1) transmitted by electronic media, (2) maintained in electronic media or (3) transmitted or maintained in any other form or medium. Providers may not use or disclose PHI except (1) to the individual, (2) for treatment, payment or otherwise in compliance or (3) incident to an otherwise permitted use.

Disclosure of PHI to business associates, like infrastructure providers, requires both parties to sign a Business Associate Agreement (BAA), which outlines the security measures in place to protect PHI on both sides. The HIPAA Security Rule requires three categories of safeguards:

• Administrative safeguards mandate a plan and description of how infrastructure collects, accesses, stores and transmits patient health information, including training for all employees.
• Physical safeguards include facility and workstation access controls, security monitoring, and device and media controls.
• Technical safeguards include audit controls (recording or examining activity in all ePHI systems), identity authentication and accounts, transmission security (HTTPS), firewalls and anti-virus software.

How is Green House Data HIPAA Compliant?

Green House Data is independently audited for HIPAA compliance by Linford & Co, a rigorous and lengthy process including the assigning of a security officer responsible for development and implementation. Risk assessments, review measures, incident response procedures and business continuity plans were all put in place, adding to our existing high-level security measures like firewalls, encrypted transmission, user identificiation and facility security.

All employees are trained in HIPAA security and compliance. Green House Data will work with your organization to create a custom, secure solution that will help achieve HIPAA compliance without placing on the strain on your internal IT department. We sign BAAs for every HIPAA client.

Request a Quote for HIPAA Compliant Services

HIPAA Compliant Data Center Services:

Every service offered by Green House Data adheres to HIPAA standards.

Learn more about our services:

 

Watch a recent webinar with Linford & Co discussing HIPAA Compliance:

Seconds matter to us, and Green House Data’s highly available and always-on infrastructure means our staff can access reliable medical data at a moment’s notice. In addition, Green House Data’s HIPAA compliance ensures we never have to worry about the safety of our records. Our top priority when choosing our colocation provider were our patients, and Green House Data has helped us continue to provide the best possible care to our patients in Cheyenne and across the region.