HIPAA-Compliant Hosting and Why It’s Important
The Health Insurance Portability and Accountability Act (HIPAA) is legislation designed to protect the privacy and security of patient health information. While this might sound like a law with limited implications for the broader business community, this is far from the case. The responsibility for compliance extends well beyond direct healthcare providers.
Let's look at what HIPAA compliance entails, what kinds of federal protections for personal health information are in place, and how HIPAA-compliant web hosting impacts your company's data and communications infrastructure.
What Is HIPAA-Compliant Hosting?
To understand this, first it’s important to understand the scope of data encompassed by HIPAA regulations.
What Is the Scope of the HIPAA Regulation?
This law first and foremost requires that any entity handling an individual’s health status information ensures that this data is completely secure from misuse and theft.
However, it also requires that all records and data pertaining to the use of medical services be protected. This refers to a huge assortment of data points. Voice data, chat sessions, treatment documentation, health insurance records and billing data all fall within the purview of this law.
Not surprisingly given the sheer breadth of this data, the majority of US companies are thought to have some compliance requirement with this far-reaching law.
What Does HIPAA-Compliant Web Hosting Look Like?
HIPAA-compliant hosting is a communications and data storage solution specifically designed to ensure the legal handling of health data.
It serves not just direct health care providers, but also the vast number of supporting businesses that house or make use of health data.
A HIPAA-compliant hosting service will be made up of two interrelated parts:
1. The Proper Handling and Housing of Patient Data
First and foremost, it will provide robust systems for the storage of data. All pertinent data will be encrypted not just when it is stored, but also when it is transmitted between parties.
The integrity and security of this data will be subject to regular audit, with demonstrable infrastructure in place to ensure it’s both physically and electronically secure.
Stored data should also be closely and continually monitored by security experts.
2. Secure Communications Infrastructure
HIPAA compliance also applies to the physical communications technologies involved in storing or disseminating this data. This includes PBX phone systems, VoIP services, mobile devices and chat services, to name just a few. Take a look at 8x8’s list of supported equipment to see the full breadth of devices for which HIPAA compliance is relevant.
Why Is HIPAA Compliant Hosting Important?
Ensuring your communications and data are handled through a HIPAA-compliant hosting service is a vital concern for businesses in today’s data-dependent society.
HIPAA regulations have broadened over time, and the majority of US companies are now being impacted. Any party which creates, receives, stores or transmits personal health information must comply.
If your business is required to conform with HIPAA compliance requirements, the hosting company you use to handle key communications services must also be compliant.
There are also stiff penalties for HIPAA non-compliance. These include financial penalties of up to $1.5 million as well as litigation. Random compliance audits can occur, and ignorance of the law is not considered a valid excuse. This law is stringent and far-reaching.
HIPAA compliance is also not a simple or superficial process.
These days, personal data is under a constant threat of attack. Health data is particularly sought after by cyber thieves, because it contains a wealth of sensitive and potentially useful information.
How to Find a HIPAA-Compliant Hosting Provider
You can’t assume that your hosting provider is HIPAA compliant. In fact, some cloud service providers explicitly state their services should not be used for handling of HIPAA-sensitive data.
It’s important to get answers from your hosting provider to these specific questions:
Are They Compliant With the Latest Auditing Standards?
HIPAA-compliant web hosting will be Statement on Standards for Attestation Engagements 16 (SSAE16) certified. This basically means the service is compliant with security reporting standards.
Are Data Storage and Transfer Technologies Protected?
Check with your hosting provider whether any portion of the cloud network is outside the provider’s control. They should also be able to provide assurance that all systems connected to their storage infrastructure are protected against breach.
Is the Data Storage Facility Physically Secure?
There are also physical considerations. Is the provider renting space in the cloud from the owners, or do they own the infrastructure?
At the least, the facility should be staffed 24/7, with multiple layers of physical access control, including several security checkpoints to pass before the data can be reached.
Will the Hosting Provider Give an Assurance of HIPAA Compliance in Writing?
Will they provide a business associate agreement (BAA) confirming that they stand behind their HIPAA compliance and that they can guarantee a service with watertight data privacy and security controls in place?
8x8’s BAAs, for example, cover every aspect of compliance. They also have extensive audit trail capabilities. The result is peace of mind that your business is relying on a company worthy of that trust.
HIPAA-compliant hosting is crucial to the safe handling of sensitive data. It’s far more cost-effective to hand the task of compliance to a specialist company, and shifting a significant component of HIPAA compliance to a third party frees staff to focus on the core business.
When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely matched by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out our online form to request a no-obligation quote from an 8x8 Product Specialist.