HIPAA Web Hosting Compliance: Why it Matters … Plus Some Jokes


Amsterdam server cluster in its own rack

Hosting and health are sometimes interrelated. Our bodies can become hosts for parasites, and that is no fun (well… the tapeworm probably enjoys it). In other cases, the hosting industry and health industry cross paths in the need to reach the requirements of the Health Insurance Portability and Accountability Act (HIPAA). We are HIPAA compliant at Superb Internet, so this article will take a look at why that is important for working with health organizations.

HIPAA compliance is similar in some ways to PCI compliance: both express a company’s commitment to rules set by a third-party body, and both have to do with security and privacy. The PCI Data Security Standard was established by the Payment Card Industry Security Standards Council (PCI SSC), a group formed by the major credit card companies, to set out a comprehensive set of requirements for how companies should process payments and store sensitive cardholder data. PCI DSS is enforced by contract with the card brands and acquiring banks; HIPAA, by contrast, is federal law. It was enacted in 1996, and the Department of Health and Human Services has since issued binding privacy and security regulations under it to give American patients better protection for their health information. The downside (well, and upside) of HIPAA is the stringency of the rules that health-care firms now have to follow.

Below is a little information on why HIPAA compliance is important for a web hosting company. As with my last article – focused on PCI – I will also get into standards acronyms that are growing in popularity in 2013. I’ll tackle the first one here:

Up & Coming Standards Acronyms: MBAM Art Standard

The Made By a Madman (MBAM) standard requires that any piece of artwork be validated to determine that it was in fact created by a mentally unstable person. Once it is determined that it was, everyone can start to enjoy it appropriately. “We’ve had just about enough of these happy, content, non-Salvador Dali, non-Vincent van Gogh types,” says Christian Doyle of the Transatlantic Alliance for Incoherent Creativity (TAIC). “We needed a way to know that the art we were looking at was made by someone either currently in or headed toward long-term electroshock therapy.”

Basics of HIPAA & Why it Matters for Web Hosts

HIPAA is so important for the hosting industry because a large part of the reason the act was passed was to deal with the move to electronic handling of health information. Its Administrative Simplification provisions require the Department of Health and Human Services (HHS) to maintain a set of national standards for how health care is administered electronically: the baseline security requirements, the standard formats for electronic transactions, the code sets used to identify diagnoses and procedures, and so on. The aim is essentially to streamline and standardize how health-care records are organized and exchanged.

Additionally, HIPAA contains specific language on individual privacy. That language is essentially a recognition that the electronic age makes the privacy of health records harder to protect, so regulations were deemed necessary to ensure that physicians, hospitals, and the companies that handle data on their behalf were adequately protecting patient information.

Our own compliance can be of use to health-care organizations that need to know the required safeguards are in place at the hosting layer. It does not make your organization compliant on its own, though: a hosting provider that stores or transmits PHI for you is a business associate, so you will need a signed business associate agreement with the host, and you still have to implement and document your own internal safeguards if you want to know you are fully compliant.

Up & Coming Standards Acronyms: Skeleton Key Standard

This is an incredibly radical standard being developed by the people at the Single Key Worldwide Society (SKWS). The Skeleton Key Standard (SKS) requires all locks of a business to fit a key that is held by members of the society. “We are not just skeleton key enthusiasts,” says Dan Perry, president of SKWS. “We also don’t believe in private property.”

HIPAA: Privacy & Security of PHI

First let’s look at how HIPAA protects privacy and security. All of HIPAA’s privacy and security provisions relate in some way to protected health information (PHI): how it is defined, how it must be safeguarded, and the rules for its use and transmission. The basic requirements include the following:

  1. Administrative, physical, and technical safeguards for PHI inside the organization;
  2. Only the minimum amount of PHI necessary for a given purpose may be used or disclosed (the “minimum necessary” rule);
  3. Records must be kept of disclosures of PHI, so that a patient can request an accounting of who received their information;
  4. Patients have the right to access their PHI and to request corrections to it;
  5. Contracts (business associate agreements) with affiliated companies that handle PHI on the organization’s behalf, binding them to the same protections;
  6. A designated “privacy officer” responsible for PHI policy and compliance at the organization;
  7. Sanctions for workforce members who fail to properly protect PHI;
  8. Written notice of privacy practices for patients, and PHI-handling policies and training for everyone who touches the data.
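Items 2 and 3 above are the ones that most directly translate into code: a system that hands out PHI has to trim each response to what the requesting role needs, and it has to record every disclosure so the accounting can be produced later. The sketch below is an added illustration written for this article, not Superb Internet’s code or anything prescribed by HIPAA itself; the roles, the field-entitlement table, the patient record, and the purposes are all constructed assumptions.

```python
"""Minimum-necessary filtering plus an accounting-of-disclosures log.

Added illustration for this article. The roles, the entitlement table and the
sample patient record are constructed for the example and are not a real policy.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Assumed policy table: the only PHI fields each role is entitled to receive.
# Anything not listed for a role is stripped before the record leaves the store.
MINIMUM_NECESSARY: Dict[str, Set[str]] = {
    "billing":   {"patient_id", "name", "insurance_id", "procedure_codes"},
    "scheduler": {"patient_id", "name", "phone"},
    "physician": {"patient_id", "name", "dob", "diagnosis",
                  "medications", "procedure_codes"},
}


class DisclosureDenied(PermissionError):
    """Raised when a role has no entitlement to PHI at all."""


@dataclass(frozen=True)
class Disclosure:
    """One entry in the accounting-of-disclosures log."""
    when: str            # UTC timestamp, ISO 8601
    requester: str       # the user account that asked
    role: str            # the role the entitlement was evaluated for
    patient_id: str
    purpose: str         # why the data was requested
    fields: Tuple[str, ...]  # exactly which fields were released


@dataclass
class PhiStore:
    records: Dict[str, dict]
    log: List[Disclosure] = field(default_factory=list)

    def disclose(self, requester: str, role: str, patient_id: str, purpose: str) -> dict:
        """Return the minimum-necessary view of a record and log the disclosure."""
        allowed = MINIMUM_NECESSARY.get(role)
        if allowed is None:
            # Refuse before touching the record: an unknown role gets nothing,
            # not a default subset.
            raise DisclosureDenied(f"role {role!r} has no PHI entitlement")
        record = self.records[patient_id]  # KeyError for an unknown patient
        # Filter by whitelist; never by blacklist, so new fields default to hidden.
        view = {k: v for k, v in record.items() if k in allowed}
        self.log.append(Disclosure(
            when=datetime.now(timezone.utc).isoformat(),
            requester=requester,
            role=role,
            patient_id=patient_id,
            purpose=purpose,
            fields=tuple(sorted(view)),
        ))
        return view

    def accounting_for(self, patient_id: str) -> List[Disclosure]:
        """Everything disclosed about one patient, for a patient's accounting request."""
        return [d for d in self.log if d.patient_id == patient_id]


def sample_store() -> PhiStore:
    """A store holding one constructed (fictional) patient record."""
    return PhiStore(records={
        "P-1001": {
            "patient_id": "P-1001",
            "name": "Jane Example",
            "dob": "1970-01-01",
            "phone": "555-0100",
            "insurance_id": "INS-42",
            "diagnosis": ["J45.20"],          # constructed ICD-10-style code
            "medications": ["albuterol"],
            "procedure_codes": ["94010"],     # constructed CPT-style code
        },
    })


if __name__ == "__main__":
    store = sample_store()
    print(store.disclose("u.billing", "billing", "P-1001", "claim submission"))
    for entry in store.accounting_for("P-1001"):
        print(entry)
```

In a real deployment the log would be append-only and written somewhere the application cannot later edit (a separate audit database or WORM storage), retained for the period the regulations require, and the entitlement table would be reviewed by the privacy officer rather than hard-coded.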

Up & Coming Standards Acronyms: Packing Peanut Standard

The shipping industry has come together and created standards of quality for packing peanuts. The Packing Peanut Standard (PPS) ensures the following:

  • Peanuts must be pink
  • Peanuts must not be peanuts
  • Firmness of peanuts must be carefully balanced with their softness – with correct balance determined by a designated “Balance Officer.”

Conclusion

That is the gist of HIPAA. Many different types of health organizations (and the business associates that handle data for them) must comply with its standards. As with PCI and our other certifications, we are not just protecting our clients and their clients. We are also showcasing our commitment to credibility across a wide range of industries. Our hosting packages are here. If you have any further up-and-coming acronyms that you would like to share, please provide them below.

by Kent Roberts and Richard Norwood
