HIPAA compliant hosting requires that patient information (PHI) be kept in utmost confidence and protected from inadvertently falling into the wrong hands or being exposed. In order to conform with these regulations, VM Racks offers True HIPAA Compliance™, an easy way to ensure that you are always compliant.
Audited For HIPAA Compliance
Maine Hosting Solutions has completed a third-party audit through one of the most recognized and rigorous HIPAA auditing programs, The Compliancy Group. This audit verifies that VM Racks is compliant with the HIPAA, HITECH, PCI-DSS, and Omnibus rules. Being HITECH and HIPAA compliant is an ongoing process that requires continuous updates to policies and procedures. Because Maine Hosting Solutions is HIPAA compliant, our customers can be assured that all of the solutions we provide follow these same stringent guidelines.
With True HIPAA Compliance, Maine Hosting Solutions removes the confusion and uncertainty surrounding HIPAA compliant hosting so you know you are always compliant when it comes to your cloud host.
These features make up the basic requirements of HIPAA compliance. Click on a HIPAA compliant web hosting plan below to read about the additional features that are included with our HIPAA hosting plans.
HIPAA Requirement Features
A HIPAA compliant server requires full backups of data to a facility separate from the data center.
Electronic PHI is encrypted as regulated by the HIPAA Security Rule to meet standards in accordance with HIPAA compliance. This process is used as a safeguard for risk management to protect the data contained within. Under HIPAA compliance guidelines, PHI data must be encrypted both at rest and in transit. Your data stored in the cloud is encrypted with AES-256 symmetric cryptography and your data in transit is encrypted with a 2048-bit RSA key.
Security Information and Event Management (SIEM)
The Server Log Management function indexes server logs and creates a searchable index for log file analysis or log auditing. HIPAA compliant cloud hosting guidelines require log collection.
Host Intrusion Detection System (HIDS)
Monitors log activity and sends email alerts to the system administrator when an anomaly is detected. HIDS automatically adds firewall rules to block the source of any anomaly.
Web Application Firewall (WAF)
Blocks and monitors network traffic at the application level. Rule customization and advanced security features protect applications and services. The web application firewall (WAF) complements a physical firewall. Whereas a physical firewall allows HTTP and HTTPS traffic through, the WAF filters attacks in that traffic, in keeping with the HIPAA compliant web hosting guidelines.
A method of authentication that is more secure than using a simple password alone. It uses a second factor that adds to the complexity of user authentication.
Business Associate Agreement
Provides assurance that HIPAA Compliant data will be safeguarded and protected by an entity that provides services for a HIPAA Compliant organization. The Business Associate Agreement must be provided in writing to the covered entity.
Vulnerability Assessment Scans
Run regular vulnerability assessment scans in order to reveal any weakness in security that should be remedied.
Manage password policies to ensure passwords are changed on a regular basis and are complex enough to meet the security policies.