When it comes to HIPAA hosting companies, you have more choices than ever. Many hosting providers are HIPAA Compliant and provide a level of security for hosted information in the cloud.
One of those organizations is Amazon. They provide a cloud-based solution called “Amazon Web Services” or AWS. Utilizing a large corporate cloud provider organization such as Amazon involves extra steps and processes to build cloud services. This can become very complicated, as many options and configurations exist that some will not have the time to understand.
When dealing with HIPAA Compliance, businesses want to be thorough in the decision-making process, yet comfortable with the mechanisms used for the protection of their health information – without having to spend excessive time figuring out what all the “bells-and-whistles” do.
While AWS has many options to choose from, it will take some time to figure out what they are and how they will meet individual business needs to satisfy proper HIPAA guidelines and regulations.
Pricing is typically a “make-or-break” decision for businesses these days. If something costs too much, companies want to know what they are paying for and why; when something costs too little, it seems “too good to be true” and things are questioned.
When dealing with HIPAA Compliance, cost still remains a factor in the process of finding a cloud service provider. Knowing the cost will be higher is an expectation, but higher costs don’t necessarily mean better quality of service. While AWS has price models geared towards small-scale customers, they are mostly geared towards large businesses or enterprise-level organizations seeking to secure their data in large volumes.
Compare Amazon AWS Pricing with HIPAA Vault
Regulated organizations may be required to operate in a secure, dedicated cloud, as such within a traditional local data center. For some companies, policy requirements can force geographic limitations to certify the physical location of their HIPAA data.
One such disadvantage of outsourcing to AWS includes loss of control where this data resides: Customers are unable to choose which data center is hosting the information. When dealing with controlled environments, based on corporate security constraints, organizations should be able to identify where their data is being stored at all times.
Quicker response times and more efficient actions are what customers expect when dealing with the privacy and protection of their data. AWS has the support of a large enterprise organization with a great deal of support staff, but this comes at a cost: time and money. While 24x7x365 Support can sound like a grand idea, don’t get fooled that customer service will always be available to deal with issues.
There will be a hierarchy for resolution based on multiple factors: purchased level of support, wait time in the queue, difficulty of the current issue, etc.
Cloud service provider access privileges should be considered when choosing the proper organization to host HIPAA Compliant information. For example, AWS has the proper security controls in place to regulate and monitor medical information but do they provide an in-depth level of access to gain control of the cloud environment in case of emergency.
While other cloud hosting providers can gain system-level access into the files/folders that are within, AWS relies on the organization’s IT staff to deal with these types of issues.
These are all important considerations when comparing cloud hosting providers for HIPAA Compliance. You want to keep in mind the following factors: simple options, lower costs, shorter call times, extensive access, levels of personal support, and flexibility.
