FIREWALLS AND ENCRYPTION DO NOT EQUAL COMPLIANCE
HIPAA compliant cloud hosting comes only through deliberate, well-documented systems management. The datacenter as a whole has to support HIPAA compliance. Unless a hosting provider purposefully strives for HIPAA compliance at every level of the organization, they won’t attain it.
Take a look at some of the things EHNAC asks for when they’re evaluating a datacenter. You can use this as a checklist when evaluating HIPAA compliant cloud hosting providers:
Documented policies and procedures to ensure continuing compliance with HIPAA regulations
Documented evidence that employees receive effective, relevant job training
A documented analysis of the most likely scenarios for breaches of PHI security
Formal facility expansion plans that are reviewed annually, at a minimum
A list of individuals, down to the manager level, who are responsible for HIPAA compliance including the protection of Electronic PHI
A documented security awareness and training program for all members of the company’s workforce, including management
Written policies and procedures for responding to an emergency that impacts systems that contain Electronic PHI
Security and breach notification procedures in conformance with HIPAA and HITECH requirements
Documented procedures to ensure regular review of records of information system activity, such as audit logs, access reports, and security incident tracking reports
Documented identification of the privacy official and the security official who are responsible for ensuring adherence to the Privacy and Security Rules, including a description of their responsibilities
Documented procedures to control and validate a person’s access to facilities based on their role or function
Policies and procedures to document repairs and modifications to the physical components of a facility which are related to security
Documented procedures for guarding against, detecting, and reporting malicious software
Documented evidence of separation between clients’ data
Ask your potential cloud service provider to share this documentation with you. Only a truly HIPAA compliant cloud hosting provider will be ready with everything that’s required. You can also look for EHNAC accreditation as proof.
Search for accredited datacenters on EHNAC’s website, and you’ll see that ByteGrid was one of the first HIPAA compliant cloud service providers to achieve this. We’re the leader in HIPAA compliant cloud hosting.
Contact us today and experience HIPAA cloud compliance for yourself.