What is HIPAA Compliant Hosting and Why Does It Matter?

Healthcare In 2020

Healthcare users expect to be able to access a wide variety of healthcare information online. This information includes appointments, medication schedules, healthcare records, treatment histories, and more. Technology has transformed healthcare. It has improved communication between healthcare professionals and patients, provided rich diagnostic data, and enhanced the efficiency of treatment and healthcare business operations.

To provide online services, healthcare providers need web and server hosting. However, standard infrastructure hosting services are not capable of providing the privacy protections mandated by HIPAA.

HIPAA-compliant hosting provides a foundation on which healthcare providers can build applications and services that comply with HIPAA safeguards.

What Is HIPAA

HIPAA is a set of rules and requirements that organizations that store and handle ePHI have to conform to. HIPAA includes provisions for compliance, enforcement, and breach notification. But, the most important rules for healthcare providers are the Privacy and Security Rules.

The Privacy Rule is shorthand for the Standards for Privacy of Individually Identifiable Health Information. The Privacy Rule defines ePHI and lays out who is covered and their responsibilities with regard to healthcare information. As you might expect, the PrivacyRule covers the storage, access, disposal, and control of ePHI. However, it also requires that a covered entity — the healthcare provider in this case — obtain “satisfactory assurances” that any business associates — including hosting providers — will appropriately protect healthcare data in line with HIPAA. This takes the form of a HIPAA Business Associate Agreement that only a HIPAA-compliant hosting provider is competent to agree to.

The Security Rule operationalizes the protections in the Privacy Rule, specifying the safeguards that organizations must have in place when storing or transmitting healthcare data.

The HIPAA rules give rise to a number of administrative, technical, and physical requirements. Covered entities and their business associates must comply with these requirements. 

What is ePHI?

ePHI (or PHI) is Electronic Protected Health Information, a category defined in HIPAA’s Privacy Rule. This information consists of medical data that could be used to identify an individual and that was created, disclosed, or used as part of providing healthcare services. ePHI includes information about medical conditions, healthcare that has been provided to an individual, and payment information related to healthcare.

A healthcare provider must store, transmit, and process ePHI in accordance with HIPAA rules.

What Is HIPAA-Compliant Hosting?

HIPAA-compliant hosting is web or server hosting that conforms to the technical, physical, and administrative requirements of HIPAA. HIPAA-compliant hosting allows healthcare providers to build applications and services that conform to HIPAA. Standard web hosting providers do not have the necessary protections in place. In addition, most standard web hosts do not understand what those protections require.

To focus on physical protections, Liquid Web’s HIPAA-compliant hosting provides a comprehensive range of physical security measures, including electronic biometric access controls, round-the-clock CCTV monitoring, employee background checks, and more. You can see a full breakdown of the physical and technical security measures we have in place here.

Organizations that handle and transmit ePHI should choose HIPAA-compliant hosting because standard hosting is not capable of providing the protections HIPAA and their customers expect.

Why does HIPAA-Compliant Hosting Matter?

HIPAA-compliant hosting provides a hosting platform that complies with the technical and physical safeguards that the Health Insurance Portability and Accountability Act (HIPAA) requires of all organizations that store and transmit Protected Health Information.

Modern healthcare applications and services handle extremely sensitive data: the exposure of that data because of lax security and privacy standards can be hugely damaging to a healthcare business. Unfortunately, healthcare data is attractive to online criminals and healthcare providers are a major target for ransomware attacks.

The number of healthcare providers that leaked private patient information in just the last year is concerning: the unencrypted records of 128,000 patients from an Arkansas clinic, the records of 19,000 oncology patients, 106,000 patients in Michigan, 300,000 in Pennsylvania – the list goes on and on.

HIPAA-compliant hosting empowers healthcare providers to protect their patients’ data and meet regulatory standards while providing the online services and applications that today’s consumers expect.

To learn more about how we can help you take the headache out of HIPAA compliance, chat with one of our HIPAA Specialist.