09-13-11 | Blog Post

Passing a HIPAA Audit & Achieving HIPAA Compliant Data Centers


After extensive work by our team last quarter, Online Tech is now the first managed data center operator in Michigan to achieve HIPAA compliance.

We recently passed our HIPAA audit with 100% compliance, as verified by independent Certified HIPAA Professionals (CHP) and Certified Health Security Specialists (CHSS). The report shows our Michigan data centers and hosting solutions comply with all 54 HIPAA citations, including the complete set of 136 audited components.


HIPAA and HITECH

HIPAA, the Health Insurance Portability and Accountability Act, is a U.S. federal law whose regulations are intended to protect patient health information. Its two main rules are the Privacy Rule, which covers protected health information (PHI) in all forms, and the Security Rule, which applies to electronic protected health information (ePHI) transmitted or maintained in electronic form.

The 2009 HITECH Act extends the HIPAA privacy and security requirements to business associates, such as third-party data hosting providers. Online Tech’s audit report covers both rules, with attention to data security and protection controls.

Why HIPAA Hosting – and Why Now?

Health IT and security have become a top priority because of recent government initiatives to modernize healthcare by replacing paper records with electronic medical record (EMR) systems. With federal fines for data breaches on one side and stimulus incentives on the other, the healthcare industry has been scrambling to find compliant and cost-effective IT solutions.

Many healthcare-related organizations seek HIPAA hosting vendors due to the costs and complexity of building and maintaining an in-house IT infrastructure to support the large quantity of their sensitive health data.

Online Tech’s HIPAA Compliant Hosting

HIPAA and HITECH require that protected health information (PHI) be kept confidential, secure and available, but they do not prescribe specific technologies. What the law does require is a documented set of administrative, physical and technical safeguards for privacy and security, which is where Online Tech can help healthcare organizations.

Some examples of HIPAA safeguards and requirements include:

  • Physical access restrictions, such as locks, on locations where PHI is stored.
  • Access control policies, procedures and technology that limit access to PHI to authorized users.
  • Network security to protect health data in transit.
  • Breach notification: any data breach detected in IT systems must be reported as required by law.
  • Employee training in HIPAA compliant procedures and processes.

However, hosting your data with a HIPAA audited and compliant vendor doesn’t automatically make your company HIPAA compliant. Health-related companies that handle patient information, including hospitals, physician health organizations, and software and service companies, also need to ensure that their employees, policies and procedures operate within HIPAA guidelines, complete with HIPAA training.

A full HIPAA audit means that all the processes around our facilities and products were examined. Our data centers, managed servers and cloud servers, both managed and private clouds, were found fully compliant. A thorough review of the controls in our IT infrastructure, including hardware and software security capabilities, showed us to be operating within HIPAA standards.

Data Center Audits and Compliance

Our history of audits started with a SAS 70 audit; as the standards for data center audits were raised, we completed an SSAE 16 audit and received SOC 2 and SOC 3 reports. Keeping up with audits is a cost and time investment for any company, but a critical one as government audits become more frequent, which increases the need for healthcare organizations to find compliant and secure hosting solutions.

More About HIPAA Compliant Hosting

Online Tech has provided a variety of HIPAA hosting, data backup and IT disaster recovery services for several healthcare-related and healthcare software companies. Read more about our HIPAA Compliant Case Studies.

HIPAA Law Webinar Hosted by Online Tech

Have more questions? Sign up for our upcoming webinar, HIPAA, HITECH, BAAs and the Law: Concerns and Best Practices, on September 27, 2011 at 2pm ET. Hosted by Online Tech with our guest, Attorney Tatiania Melnik from Dickinson Wright, this free educational webinar is open to everyone and covers the legal and technical aspects of HIPAA compliance.

See our official press release on our newly completed HIPAA audit.
