HIPAA Certified Hosting

  • retro
    Member
    • Jun 2004
    • 40

    HIPAA Certified Hosting

    Has anyone dealt with websites that require HIPAA standards to be in place? I have a client who owns a pharmacy and wants to put part of his formulary online for customers to purchase items without having to come to the store. Setting up an online store is simple; protecting the sensitive data in accordance with federal law is proving to be a bit of a hassle.

    The only problem not yet solved is finding a host for the site that is HIPAA compliant and doesn't cost an arm and a leg. From what I gather, the site has to be hosted on a dedicated server. Beyond that, the details I've found are fuzzy.

    I searched WHT and found squat about what I needed to know. I spoke with a representative from RackSpace, and was told that the server has to meet SAS 70 Type II certification to be HIPAA compliant. Luckily, they sell servers with that certification. Unfortunately, they quoted me $400 a month minimum, way beyond what my client is willing to spend at this point.

    CIHost also claims to be HIPAA certified and they have plans starting out at $99. Still a little more than the client was expecting, but doable.

    I wanted to check here before I proceeded with signing them up for that plan, though. I know many Dathorn members have other hosting accounts; I just wondered if you guys or any of the staff know anything about any other HIPAA certified hosting providers, or even where I may find any documentation outlining the server requirements for a site that must meet HIPAA standards.
    Denny Cave
    http://www.retrointeractive.com
  • openbox
    Senior Member
    • Mar 2004
    • 238

    #2
    HIPAA is serious stuff and to be honest, I'm surprised you're finding hosting as low cost as you are. The legal liabilities are huge if something isn't protected. IMO, if I were you and the customer isn't willing to spend more than $100/mth, I'd pass on him as a customer.

    • Buddha
      Senior Member
      • Mar 2004
      • 825

      #3
      Originally posted by openbox:
      HIPAA is serious stuff and to be honest, I'm surprised you're finding hosting as low cost as you are. The legal liabilities are huge if something isn't protected. IMO, if I were you and the customer isn't willing to spend more than $100/mth, I'd pass on him as a customer.

      I agree, especially at $25,000 per violation. Those kinds of fines could add up real quick.

      I'm also kind of wondering why this isn't being done in-house. I wouldn't want that server any farther away than spitting distance.
      Last edited by Buddha; 02-02-2006, 05:28 PM. Reason: intuitive lapse
      "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha


      • KyleC
        Senior Member
        • Mar 2004
        • 291

        #4
        Thought I would chime in here. I developed an online system for a medical transcription company and have been working on it for the past few years. The doctors' mp3 files from their digital recorders get automatically uploaded, then the transcriptionists download the file and transcribe it, then the Word file gets uploaded back to the server and downloaded by the doctors' offices.

        It uses a dedicated server with a hardware firewall (for secure VPN) and specialized security software to lock down IIS and Server 2003, in addition to the custom software that ran the automation and organization of the mp3s and Word files. It was one of the most challenging projects I have ever done; the HIPAA compliance literature is very hard to read, and the requirements for us were vague but seemed very strict. A combination I didn't like.

        I recommend finding a security specialist that has dealt with HIPAA in your local area to help you with the project. The pharmacy needs to realize complying with federal law isn't cheap....

        Also be aware CIHOST claims a lot of things; make them prove compliance.
        -Kyle
