Thread: HIPAA Certified Hosting

  1. #1

    HIPAA Certified Hosting

    Has anyone dealt with websites that require HIPAA standards to be in place? I have a client who owns a pharmacy and wants to put part of his formulary online for customers to purchase items without having to come to the store. Setting up an online store is simple; protecting the sensitive data in accordance with federal law is proving to be a bit of a hassle.

    The only problem not yet solved is finding a host for the site that is HIPAA compliant and doesn't cost an arm and a leg. From what I gather, the site has to be hosted on a dedicated server. Beyond that, the details I've found are fuzzy.

    I searched WHT and found squat about what I needed to know. I spoke with a representative from RackSpace, and was told that the server has to meet SAS 70 Type II certification to be HIPAA compliant. Luckily, they sell servers with that certification. Unfortunately, they quoted me $400 a month minimum, way beyond what my client is willing to spend at this point.

    CIHost also claims to be HIPAA certified and they have plans starting out at $99. Still a little more than the client was expecting, but doable.

    I wanted to check here before I proceeded with signing them up for that plan, though. I know many Dathorn members have other hosting accounts; I just wondered if you guys or any of the staff know anything about any other HIPAA certified hosting providers or even where I may find any documentation outlining the server requirements for a site that must meet HIPAA standards.

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    FL Panhandle
    Posts
    238

    HIPAA is serious stuff and to be honest, I'm surprised you're finding hosting as low cost as you are. The legal liabilities are huge if something isn't protected. IMO, if I were you and the customer isn't willing to spend more than $100/mth, I'd pass on him as a customer.

  3. #3
    Buddha, Senior Member
    Join Date
    Mar 2004
    Location
    Florida USA
    Posts
    825

    Quote Originally Posted by openbox
    HIPAA is serious stuff and to be honest, I'm surprised you're finding hosting as low cost as you are. The legal liabilities are huge if something isn't protected. IMO, if I were you and the customer isn't willing to spend more than $100/mth, I'd pass on him as a customer.
    I agree, especially at $25,000 per violation. Those kinds of fines could add up real quick.

    I'm also kind of wondering why this isn't being done in-house. I wouldn't want that server any farther away than spitting distance.
    Last edited by Buddha; 02-02-2006 at 04:28 PM. Reason: intuitive lapse
    "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

  4. #4
    KyleC, Senior Member
    Join Date
    Mar 2004
    Location
    Dallas, TX
    Posts
    291

    Thought I would chime in here. I developed an online system for a medical transcription company and have been working on it for the past few years. The doctors' MP3 files from their digital recorders get automatically uploaded and then the transcriptionists download the file and transcribe it, then the Word file gets uploaded back to the server and then downloaded by the doctors' offices.

    It uses a dedicated server with a hardware firewall (for secure VPN) and specialized security software to lock down IIS and Server 2003, in addition to the custom software that ran the automation and organization of the MP3s and Word files. It was one of the most challenging projects I have ever done; the HIPAA compliance literature is very hard to read and the requirements for us were vague, but seemed very strict. A combination I didn't like.

    I recommend finding a security specialist that has dealt with HIPAA in your local area to help you with the project. The pharmacy needs to realize complying with federal law isn't cheap....

    Also be aware CIHOST claims a lot of things; make them prove compliance.
