When building healthcare applications, websites, and other services that utilize patient data or protected health information (PHI), organizations must comply with HIPAA regulations. Selecting a HIPAA hosting provider is the first step to building a HIPAA compliant application. HIPAA compliant hosts provide servers and infrastructure that can be utilized with PHI.
Just using a HIPAA hosting provider does not automatically make your organization HIPAA compliant. Organizations must implement appropriate administrative and technical safeguards to meet compliance standards. Most HIPAA compliant hosting providers offer infrastructure that addresses HIPAA physical safeguards. Organizations may build healthcare solutions on this infrastructure but must be sure to develop applications that follow HIPAA administrative and technical standards. This means that organizations must have administrative policies in place and implement technical solutions such as backup and disaster recovery, audit logging, and vulnerability scanning.
HIPAA compliant hosting providers generally provide a signed Business Associate Agreement (BAA) and address HIPAA physical security controls. This means that the cloud infrastructure must be physically secured using locks, employee access to infrastructure must be limited, and facility access and maintenance must be recorded.
In addition to physical safeguards, HIPAA compliant hosting providers must have contingency plans in case of an outage or emergency and must notify clients in the event of a security breach. Hosting providers are responsible for HIPAA safeguards including:
The Dash platform makes it easy for your organization to build HIPAA compliant applications.
Sign a Business Associate Agreement (BAA) with the cloud platform/infrastructure provider.
Define administrative policies and employee training to meet HIPAA administrative requirements.
Manage user authentication and audit logging to meet HIPAA technical requirements.
Build HIPAA administrative policies around your organization and your technology.
Dash Continuous Compliance Monitoring automatically scans and monitors your cloud environment for HIPAA compliance issues.
Leverage the established security programs and certifications provided by Amazon Web Services.
Advanced compliance reports allow your team to get an instant view into your state of compliance.
Build on any number of technologies. From Docker containers to virtual machines, your organization can build compliant solutions.
Build on 100+ AWS services and scale your cloud services to meet your needs.