Archived Article: Reduce Risk and Increase Revenue with a HIPAA Compliant Data Center

28 Jan, 2015 Grant Sperry Data Center, law, legal, New Requirements, News & Updates, privacy, Security & Safety

hipaa-compliant-data-center
PLEASE NOTE: This is an archived article. XMission is no longer HIPAA compliant. Please visit our SOC2 compliance page to learn about our recent certifications.

While everyone has a basic understanding about HIPAA (Health Insurance Portability and Accountability Act), few know why it might matter for their business.

Even if you don’t currently have any customers with HIPAA requirements, what are you going to do when you have such an opportunity? With the recently expanded requirements from the new omnibus rule, doing business with or for an entity that handles electronic Protected Health Information (ePHI) could require your compliance. It makes good business sense to be prepared so you don’t miss out on growth opportunities.

Why is this important for data centers?
Protecting the confidentiality, integrity, and availability of ePHI is the essence of the HIPAA Security Rule. A HIPAA compliant facility helps ensure your own compliance with these requirements, especially with the 2013 omnibus rule.

What is HIPAA and ePHI?
HIPAA and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act define policies, procedures and processes that are required for organizations that store, process or handle ePHI.

To clarify, ePHI refers to private health info that health care professionals create, store, and sometimes share with each other electronically. HIPAA requires strict policies and procedures to protect this data and keep it private. This is a good thing. Understanding compliancy regulations can be complicated though.

The Omnibus Rule?
The recent omnibus rule expanded HIPAA requirements which directly apply to data centers because it modifies the HIPAA Privacy, Security, and Enforcement regulations in the following ways:

Makes business associates and subcontractors of business associates of covered entities directly liable for compliance with some of the HIPAA Privacy and Security Rule requirements
Requires modifications to a covered entity’s Notice of Privacy Practices
Adopts the additional HITECH Act enhancements to the Enforcement Rule, particularly regarding privacy breaches and penalties

In other words, colocating in a HIPAA compliant data center, like XMission’s, can help you even if you’re only a business associate or subcontractor. If you have, or plan to find, customers that have anything to do with the health industry, I would strongly recommend you determine what you’ll need to do to service them.

Additional Information
For more details about XMission’s HIPAA status and other audits:
http://xmission.com/hipaa
http://xmission.com/pci
http://xmission.com/ssae16

Read the Omnibus Rule press release:
http://www.hhs.gov/news/press/2013pres/01/20130117b.html

HIPAA home page:
http://www.hhs.gov/ocr/privacy/

Have questions regarding XMission’s HIPAA compliance or what you can do to be prepared? Call us today toll free at 877-664-7746.

Grant Sperry works at XMission overseeing operations and colocation. Established back in 1993, XMission was an early Internet pioneer and continues to provide amazing products and personalized service. If you like what we’re doing, contact us to see how we can help your company thrive.