HIPAA Hosting

Webinar: Atlantic.Net and Compliancy Group Offer Help on Cybersecurity and HIPAA Compliance

The HIPAA-compliant hosting company, Atlantic.net, is teaming up with HIPAA-compliance specialists Compliancy Group for a webinar to explain some easy-to-implement steps healthcare organizations can take to quickly improve their security posture, become more resilient to cyberattacks, and ensure they continue to stay compliant with HIPAA regulations.

Healthcare organizations are being targeted by cybercriminals for the data they hold. Patient data can be sold for big bucks on the black market, there a growing trade in stolen healthcare login credentials, and ransomware is being used to extort money from hospitals and medical practices. For the past two months, healthcare data breaches have been reported at a rate of more than 1.5 per day, which is twice the rate of 2018. Cybersecurity has never been more important.

Many practices lack the internal resources to devote to cybersecurity and budgets are stretched. Finding the funds to devote to improving cybersecurity protections can be a major challenge, so it is important to ensure any additional funding is well spent.

In the webinar, Altantic.Net’s experts will be speaking about HIPAA-compliant cloud services and cybersecurity and Compliancy Group’s compliance specialists will walk attendees through some of the complexities of HIPAA to help attendees develop a plan to improve cybersecurity, ensure compliance, and avoid regulatory fines.

Join Atlantic.Net and Compliance Group for the webinar on Wednesday October 24th to find out more

Webinar:

HIPAA Compliance & Cybersecurity: 5 Things You Can Do at Your Practice Tomorrow

Date:     Thursday October 24, 2019

Time:    3PM ET / 12PM

Register Here

The post Webinar: Atlantic.Net and Compliancy Group Offer Help on Cybersecurity and HIPAA Compliance appeared first on HIPAA Journal.

Atlantic.Net Celebrates 25 Years as Internet and Cloud Services Provider

Atlantic.Net, a cloud service provider that specializes in HIPAA-compliant hosting for the healthcare industry, is celebrating its 25th anniversary this year.

The company was formed in 1994 as an Internet service provider, but over the years has adapted with the latest technology trends and in 2009 transitioned into cloud services. Over the next 10 years the company further developed its hosting platform and associated services and is now a major cloud services provider with more than 15,000 business clients in over 100 countries.

“What started as an ISP in a university dorm has evolved into a leading Cloud Services Provider that our clients have come to rely on for powering their businesses, securing their data, and ensuring compliance and business continuity,” said Atlantic.Net Founder, President, and CEO, Marty Puranik. “By offering optimized Cloud and traditional hosting that protects and scales with our customer’s businesses, we have grown into an international brand with a computing presence in multiple countries. We thank our loyal staff and clients, without whom our success would not be possible.”

The rapid growth of the company’s customer base has been helped in no small part by the expansion of its services into the healthcare sphere. Atlantic.Net now offers a range of HIPAA-compliant services to the healthcare sector, including HIPAA-compliant cloud hosting, database hosting, WordPress hosting, cloud storage, disaster recovery, and a range of managed security services to help healthcare organizations improve their cybersecurity posture and comply with HIPAA Rules.

There is certainly a lot to celebrate at Atlantic.Net this year. The company has received awards from Inc 500, MedTech Breakthrough, Florida 100 and many others for its sustained growth, customer service, products, and services.

CEO Marty Puranik has also been recognized for outstanding leadership and has collected an Ernst & Young’s Entrepreneur of the Year award, a Business Journal’s Forty Under 40 award, and as been inducted into The University of Florida Hall of Fame.

The post Atlantic.Net Celebrates 25 Years as Internet and Cloud Services Provider appeared first on HIPAA Journal.

Is iCloud HIPAA Compliant?

Is iCloud HIPAA compliant? Can healthcare organizations use iCloud for storing files containing electronic protected health information (ePHI) or sharing ePHI with third-parties? This article assesses whether iCloud is a HIPAA compliant cloud service.

Cloud storage services are a convenient way of sharing and storing data. Since files uploaded to the cloud can be accessed from multiple devices in any location with an Internet connection, information is always at hand when it is needed.

There are many cloud storage services to choose from, many of which are suitable for use by healthcare providers for storing and sharing ePHI. They include robust access and authentication controls and data uploaded to and stored in the cloud is encrypted. Logs are also maintained so it is possible to tell who accessed data, when access occurred, and what users did with the data once access was granted.

iCloud is a cloud storage service that owners of Apple devices can easily access through their iPhones, iPads, and Macs. iCloud has robust authentication and access controls, and data is encrypted in storage and during transfer. The level of encryption used by Apple certainly meets the minimum standard demanded by HIPAA. iCloud certainly appears to tick all the right boxes in terms of security, but is iCloud HIPAA compliant?

Will Apple Sign a Business Associate Agreement with HIPAA Covered Entities?

Cloud storage services are not covered by the HIPAA Conduit Exception Rule and are therefore classed as business associates. As a business associate, the service provider is required to enter into a contract with a HIPAA covered entity – in the form of a business associate agreement – before its service can be used in connection with any ePHI.

It is the responsibility of the covered entity to ensure a BAA is obtained prior to the use of any cloud service for sharing, storing, or transmitting ePHI.

That business associate agreement must explain the responsibilities the service provider has with respect to any ePHI uploaded to its cloud storage platform. The BAA should also explain the uses and disclosures of PHI, and the need to alert the covered entity of any breaches that expose data.

If a BAA is not obtained from Apple, its iCloud service cannot be used with any ePHI. So, will Apple sign a BAA with HIPAA covered entities?

Apple could not have made it any clearer in its iCloud terms and conditions that the use of iCloud by HIPAA-covered entities or their business associates for storing or sharing ePHI is not permitted, and that doing so would be a violation of HIPAA Rules.

“If you are a covered entity, business associate or representative of a covered entity or business associate (as those terms are defined at 45 C.F.R § 160.103), You agree that you will not use any component, function or other facility of iCloud to create, receive, maintain or transmit any “protected health information” (as such term is defined at 45 C.F.R § 160.103) or use iCloud in any manner that would make Apple (or any Apple Subsidiary) Your or any third party’s business associate.”

Is iCloud HIPAA Compliant?

It doesn’t matter what security controls are in place to ensure ePHI cannot be accessed by unauthorized individuals. If a communications channel is not covered by the conduit exception rule and the service provider will not enter into a contract with a HIPAA covered entity in the form of a business associate agreement, the service cannot be used with any ePHI. So, is iCloud HIPAA compliant? Until such point that Apple decides to sign a BAA, iCloud is not a HIPAA compliant cloud service and should not be used by healthcare organizations for sharing, storing, or transmitting ePHI.

The post Is iCloud HIPAA Compliant? appeared first on HIPAA Journal.