Do You REALLY Need HIPAA Compliant Hosting for Your Cloud?

A quick Google search for cloud providers will reveal an overwhelming amount of information and providers who claim to be the exact solution your organization needs. So, where do you start? What do you need to look for? How do you evaluate the options? Do you really need a HIPAA compliant hosting provider?

We’re here to help.

General cloud providers may be adequate for businesses who do not handle sensitive information. But, for organizations who handle highly sensitive data and are bound by regulatory organizations like HIPAA, SOX or PCI, a specialized hosting partner is required – and one with a lot of experience.

What is HIPAA compliant hosting?
HIPAA has been around as a regulatory body since 1996, but the compliance rules were extended to “covered entities” in 2009 as part of the Security Rule. 

HIPAA compliant cloud providers are subject to a set of rules set forth by HIPAA to protect the electronic personal health information (ePHI) they store.

Some of the elements that make a HIPAA compliant hosting provider are:

  • Firewall
  • Encrypted VPN
  • Offsite backups
  • Physical safeguards
  • 2-Factor Authentication
  • Private hosting environment
  • SSAE 18 Certification
  • Business Associate Agreement

Do I also need HIPAA compliant cloud storage?
Your hosting partner likely offers cloud storage as a part of their service offering. When evaluating storage options, from public or private cloud partners, be sure to evaluate their security measures, confirm their security certifications, and ensure their storage offerings are HIPAA compliant as well.

Here are a few questions to guide your storage conversation with your compliant cloud provider:

  1. Is your storage platform in a private or shared environment?
  2. Do you partner with another vendor for storage?
  3. Are you willing to sign a Business Associate Agreement?
  4. What are your storage retention terms?
  5. Is your organization SSAE 18 certified?

Who offers HIPAA compliant cloud hosting?
Finding the right cloud partner is as big a decision as moving your IT environment to the cloud. Cloud providers are easy to find, but partners who can handle your organization’s industry-specific applications, regulatory demands, and network complexity are a bit trickier to find.

Here are the top 3 questions to ask any hosting provider you’re considering (see a more extensive list here):

  1. Have you worked with organizations that are bound by the same regulatory compliance laws that we are?
  2. Have you hosted our industry-specific applications (EHR, etc.)?
  3. Have you experienced any sort of data breach during your tenure?

The short of it is, yes, you need to make sure your hosting provider is compliant with all HIPAA regulations (in addition to other regulations your organization might be held to like PCI or SOX). By partnering with the right cloud provider, you’ll be able to reap all the benefits the cloud offers – including peace of mind knowing that your data is safe and your organization is compliant with HIPAA regulations.

Netgain specializes in hosting the sensitive data of highly regulated organizations like healthcare and financial services. For nearly two decades, Netgain has worked with organizations to create private and secure hosting environments that meet the complexity and regulation requirements our clients need. For more information about hosting your sensitive data with a compliant cloud provider, contact us at
