Hosting HIPAA compliant applications requires specific administrative, physical, and technical safeguards not provided by most web hosting companies.
What makes a webhost or cloud solution HIPAA compliant?
Selecting a HIPAA compliant service provider is only one part of the compliance process.
Organizations must perform an annual risk assessment, as well as create and review
administrative policies for safeguarding protected health information (PHI), limiting environment access,
and managing emergency plans and procedures.
HIPAA compliance requires consistent planning and review.
Public cloud providers such as Amazon Web Services (AWS) operate on a shared responsibility model
that defines responsibilities for both the cloud service and the organization.
To use a solution in a HIPAA compliant manner, your organization must:
Sign a Business Associate Agreement (BAA) with the infrastructure provider
Define organizational policies to meet Administrative Safeguards
Use BAA covered services and configure Technical Safeguards