HIPAA Compliant Web Hosting

Hosting HIPAA compliant applications requires specific administrative, physical, and technical safeguards not provided by most web hosting companies. What makes a web host or cloud solution HIPAA compliant?

Requirements For HIPAA Compliant Hosting

Selecting a HIPAA compliant service provider is only one part of the compliance process. Organizations must perform an annual risk assessment, as well as create and review administrative policies for safeguarding protected health information (PHI), limiting environment access, and managing emergency plans and procedures. HIPAA compliance requires consistent planning and review.

Public cloud providers such as Amazon Web Services (AWS) operate on a shared responsibility model that defines responsibilities for both the cloud service and the organization. To use a solution in a HIPAA compliant manner, your organization must:

  1. Sign a Business Associate Agreement (BAA) with the infrastructure provider
  2. Define organizational policies to meet Administrative Safeguards
  3. Use BAA-covered services and configure Technical Safeguards
