Has anyone dealt with websites that require HIPAA standards to be in place? I have a client who owns a pharmacy and wants to put part of his formulary online for customers to purchase items without having to come to the store. Setting up an online store is simple; protecting the sensitive data in accordance with federal law is proving to be a bit of a hassle.
The only problem not yet solved is finding a host for the site that is HIPAA compliant and doesn't cost an arm and a leg. From what I gather, the site has to be hosted on a dedicated server. Beyond that, the details I've found are fuzzy.
I searched WHT and found squat about what I needed to know. I spoke with a representative from RackSpace, and was told that the server has to meet SAS 70 Type II certification to be HIPAA compliant. Luckily, they sell servers with that certification. Unfortunately, they quoted me $400 a month minimum, way beyond what my client is willing to spend at this point.
CIHost also claims to be HIPAA certified and they have plans starting out at $99. Still a little more than the client was expecting, but doable.
I wanted to check here before I proceeded with signing them up for that plan, though. I know many Dathorn members have other hosting accounts; I just wondered if you guys or any of the staff know anything about any other HIPAA certified hosting providers or even where I may find any documentation outlining the server requirements for a site that must meet HIPAA standards.