In today’s world, HIPAA compliant cloud hosting requires vigilance. VM Racks is in your corner, working to ensure your sensitive patient information is kept in utmost confidence, protected from exposure and from inadvertently falling into the wrong hands.
3rd Party Audited for HIPAA Compliance
VM Racks has completed a 3rd party audit through one of the most recognized and rigorous HIPAA auditing programs, The Compliancy Group. This audit verifies that VM Racks is compliant with the HIPAA, HITECH, and OMNIBUS rules. Being HITECH and HIPAA Compliant is an ongoing process that requires continuous updates to policies and procedures. By ensuring that VM Racks is HIPAA Compliant, our customers can be assured that all of the solutions we provide follow these same strenuous guidelines. For more information on our audit, feel free to verify our current status.
VM Racks removes the confusion and uncertainty surrounding HIPAA compliant cloud hosting so you know you are always compliant when it comes to your cloud host.
These features make up the basic requirements of HIPAA compliance. Click on our HIPAA compliant managed services below to read about the additional features that are included with our HIPAA hosting plans.
HIPAA Requirement Feature
A HIPAA compliant server requires full backups of data to a facility separate from the data center.
Electronic PHI is encrypted as regulated by the HIPAA Security Rule, in accordance with HIPAA compliance standards. Encryption serves as a risk management safeguard that protects the data contained within. Under HIPAA compliancy guidelines, PHI data must be encrypted both at rest and in transit. Your data stored in the cloud is encrypted with AES-256 symmetric cryptography and your data in transit is encrypted with an RSA 2048-bit key. Read more about encrypting HIPAA data.
Security Information and Event Management (SIEM)
The Server Log Management function indexes server logs and creates a searchable index for log file analysis or log auditing. HIPAA compliant cloud hosting guidelines require log collection.
Host Intrusion Detection System (HIDS)
Monitors log activity and sends email alerts to the system administrator when an anomaly is detected. HIDS automatically adds firewall rules to block the source of any anomaly.
Web Application Firewall (WAF)
Blocks and monitors network traffic at the application level. Rule customization and advanced security features protect applications and services. The web application firewall (WAF) complements a physical firewall. Whereas a physical firewall allows HTTP and HTTPS traffic through, the WAF filters attacks to stay within the HIPAA compliant web hosting guidelines.
A method of authentication that is more secure than using a simple password alone. It uses a second factor that adds to the complexity of the user authentication.
Business Associate Agreement
Provides assurance that HIPAA Compliant data will be safeguarded and protected by an entity that provides services for a HIPAA Compliant organization. The Business Associate Agreement must be provided in writing to the covered entity.
Vulnerability Assessment Scans
Run regular vulnerability assessment scans in order to reveal any weakness in security that should be remedied.
Manage password policies to ensure passwords are changed on a regular basis and are complex enough to meet the security policies.