HIPAA Blog

HIPAA Compliant Hosting for European-based Organizations

In order to host and/or migrate medical data being transferred from the European Union (EU), US hosting providers have to undergo and partake in the U.S.-EU Safe Harbor certification process. EU Directive 95/46/EC is the European Union mandate (in conjunction with the European Convention {EC}) for the protection of individuals with regard to Automatic Processing... Continue reading

Data Center Compliance for a HIPAA Compliant Hosting Provider

When a customer is seeking the right choice for a data center that is HIPAA Compliant, there’s an important distinction to keep in mind. To say that a data center is “HIPAA Compliant” is actually a misnomer. Data Center Compliance is the responsibility of the hosting facility to manage and maintain the infrastructure. HIPAA Compliance... Continue reading

HIPAA Compliant Hosting vs Standard Web Hosting

If you host a website that will interact with patient information, then you should find a HIPAA specialist in web hosting. Patient information is considered Protected Health Information (PHI) or Electronic Health Records (EHR) and is protected by the regulations of the Health Insurance Portability and Accountability Act (HIPAA).

Security Scanning for HIPAA Compliant Hosting: Pen Testing and Vulnerability Assessments

Why should I scan my systems? How often should I scan? What is the difference between internal scanning vs external scanning?These are common security questions that should be addressed when dealing with HIPAA Compliance regulations. HIPAA regulations require that procedures exist for the safekeeping of data, with high recommendation on data encryption. The HIPAA Security Rule states that a Risk Analysis is required for systems that contain electronic protected health information (ePHI). This involves conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability (also known as the CIA triad) of the resident information.

Integrating with Your Team: 4 Factors to Remember When Choosing a HIPAA Web Host

When looking for a HIPAA Compliant Host, it is important that you find one that will integrate well with (and essentially be an extension of) your team. The hosting provider will know your objectives clearly and will strive to meet them. In contrast, a non-HIPAA compliant host generally only cares that the network is up... Continue reading

Why HIPPA Compliant Hosting Providers Should Hire a CISSP

Regulatory Compliance | Risk Assessment | Information Assurance | Password Management When providing services to HIPAA clients, guidelines have to be followed and rules put into place; this requires someone that can manage these restrictive measures and become intimately familiar with the processes involved. Professionals who have obtained the CISSP credentials possess this knowledge, with... Continue reading

Vulnerability Scans Should be Required for HIPAA Hosting

Malicious actors want your data, and will actively scan networks in order to discover vulnerabilities. Once they know your network’s weaknesses, they attempt to penetrate the network and gain unauthorized access in order to abuse the system in some way. Abuse may include stealing your data or using the compromised system as part of their... Continue reading

Differences Between PCI DSS Compliance & HIPAA Compliance

HIPAA and PCI DSS are both frameworks for complying with legal guidelines that ensure the underlying data is protected appropriately. So what are the differences? Whereas HIPAA is focused on protecting Protected Health Information (PHI) or Electronic Health Records (EHR), PCI-DSS is centered around an individual’s credit card data. HIPAA is the Health Insurance Portability... Continue reading

When Should You Encrypt PHI Data for HIPAA Compliance?

It's pretty easy to understand that the confidential data must be protected because it is confidential information. However, the question remains of 'where' and 'when' should the data be protected.

Protected Health Information – What, When, Where, Why

Protected Health Information must be encrypted according to HIPAA $164.312 Technical safeguards. At first glance this seems obvious even to a casual observer. PHI data must be encrypted because it contains the private health records of a patient, and this private information must be carefully safeguarded. It’s easy to understand that the confidential data must... Continue reading