When looking for a HIPAA Compliant hosting company, you want to ensure, among other things, that proper security controls are in place. This especially applies to Network Security Scanning capabilities and reporting.
Hosting providers must follow special HIPAA guidelines and regulations when it comes to the privacy and protection of medical information. There are many vendors that provide these types of security tools/utilities to be used in cloud hosting environments. To name a few: Nessus, Greenbone, BeyondTrust, Nexpose, SAINT.
Of course, there are always the questions: “How much does it cost?” and “What am I really paying for?” Pricing models can be based on values such as how many systems will be scanned, how often they must be scanned, and to what level of depth. Yet if these services are too expensive, companies may be willing to forgo purchasing them; as costs are reduced, such options become more attractive.
But for costs incurred with HIPAA Compliant hosting, knowing that security requirements are being fulfilled is paramount. However high or low the price, it’s quality of service and information protection that matter most.
Hosting providers have many options that can be configured for the proper level of scanning. Generally speaking, there are cursory scans and in-depth scans.
“Cursory,” of course, implies a hasty scan that is not thorough or detailed in nature, while “in-depth” means one completed carefully, extensively, and in a detailed fashion. Based on the level of depth required, additional steps and processes will be needed to build the designated configuration to meet compliance.
For the purposes of HIPAA Compliant hosting, businesses should be thorough in their decision-making process yet have an understanding of the tools used to protect their health information – even if they may not understand all the technical details. While hosting providers have many options to choose from, discretion is based on company security constraints to properly satisfy HIPAA regulations.
Certain organizations may fall under more stringent demands where specified criteria have to be implemented. For these entities, corporate security policies will drive the need for a more secure hosted environment. This will require a more focused approach and a higher level of awareness, deeper security scans, and additional reporting functionality. When dealing with these controlled environments, ensure that the hosting provider can accommodate these business needs.
Additionally, system access privileges may be required to achieve an intrusive level of security scanning. Without proper credentials, network security scanners are unable to gain system entry, which would produce invalid information and inconclusive results.
This is important because not having security controls in place and systems monitored for unauthorized access could lead to unwanted visitors obtaining sensitive medical information. Businesses should allow the HIPAA Compliant hosting provider to gain system-level access in case of emergency, without having to rely solely on the organization’s IT staff to deal with these types of issues.
All told, when comparing Network Security Scanning solutions for HIPAA Compliant hosting, there are many products to choose from that can provide customizable configurations based on organizational business criteria. Choosing the right solution to ensure HIPAA compliance should be the goal of IT administrators tasked with maintaining system security.