Accredited HIPAA Cloud Hosting

Posted by Rebecca Santorios on January 7, 2016


ByteGrid was the first datacenters to achieve EHNAC accreditation.  Our mission from the beginning has been to be the leader in HIPAA compliant cloud hosting.  We know we’re doing the right things to ensure HIPAA compliance in the cloud, and we’ve proven it.


If your cloud hosting provider isn’t HIPAA compliant, then neither are you.  You must be diligent when selecting a cloud provider, but unless you have a dedicated regulatory staff, you may not be equipped to make this determination.  

Accreditation by an established, reputable organization is hard evidence that a company can truly offer HIPAA compliant cloud hosting.

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a federally recognized standards development organization and accrediting body that serves the full healthcare transaction spectrum.  In order to achieve EHNAC accreditation, organizations must supply evidence to EHNAC’s auditors that they’re capable of consistently supporting HIPAA compliance.


EHNAC evaluates an organization from top to bottom, including mandatory requirements explicitly for cloud service providers.  HIPAA compliant cloud hosting providers must offer:

  • Documented policies to protect against unauthorized disclosure of PHI
  • Documented policies and procedures to ensure compliance with applicable requirements of the HIPAA Privacy and Security Rules
  • Documented annual job training for all employees and contractors with access to PHI. This training must include breach reporting and notification, privacy, confidentiality, and security
  • Willingness to sign a business associate agreement, and evidence that they have business associate agreements in place with each of their business associates.
  • Documented data flows, showing all physical locations where data may reside
  • An agreement that requires them to notify clients 60 days prior to a long-term planned disruption event (e.g. a shutdown or liquidation)
  • An agreement to make available a full copy of clients’ data prior to or within 7 business days following a disruption event
  • Proof that they’ve implemented policies and procedures to address the final disposition of Electronic PHI and/or the hardware or electronic media on which it is stored
  • Evidence that they ensure separation between clients with respect to network traffic, database access, and operating system level access
  • Evidence that they’ve identified the individuals that have access to clients’ data and the physical location of each of these individuals. The level of access of each individual must be described

Organizations seeking EHNAC accreditation have to ensure that their cloud hosting providers meet EHNAC’s Cloud Service Provider requirements.  Partnering with an accredited datacenter makes this easy to prove.

Compliant cloud hosting is what we do.  Call us today to schedule your own on-site visit and find out why we’re the leader in HIPAA compliant cloud hosting.