
HIPAA/HITECH Compliance Is Not Optional - It's a law!

The HIPAA regulations and the Health Information Technology for Economic and Clinical Health Act (the "HITECH Act") lay out a broad spectrum of requirements for businesses and computer systems that store or transmit electronic protected health information (ePHI).

Under HITECH, mandatory penalties are imposed for "willful neglect." What counts as willful neglect is determined case by case, but an organization that handles ePHI and does not comply with the requirements can face penalties of up to $250,000 for willful neglect that is corrected, and up to $1.5 million where the violation is repeated or left uncorrected.

That is why IHOST IST developed a HIPAA compliance hosting bundle engineered to cover the HIPAA/HITECH Act requirements that apply to the hosting environment of organizations handling ePHI. We make HIPAA compliance easy and provide a signed BAA with our managed hosting service.

SaaS HIPAA Hosting Bundle Features

  • Security

    The security of your ePHI is the core of the HIPAA/HITECH Omnibus Rule (2013) standards. That is why we have implemented the 20 Critical Security Controls, version 5.0 (CCS CSC v5.0), developed by the Council on CyberSecurity. Security is not a product; it is a process.
  • Architecture

    Our HIPAA hosting bundle is built with one goal in mind: solid, best-practice infrastructure and management services for organizations of all sizes. Tell us what you are trying to achieve and we will design a cost-effective, secure solution that handles your PHI workload.
  • Control Your Costs

    HIPAA compliance should not be astronomically expensive. Our managed hosting solutions focus on value for your dollar while meeting HIPAA requirements. Our entry-level HIPAA bundle is affordable for everyone, and it lifts the weight of compliance complexity from the client's shoulders.
  • BAA

    As required by the HIPAA Omnibus Rule (2013), we sign a business associate agreement (BAA) with HIPAA covered entities, with the contents specified in 45 CFR 164.504(e).

Summary Of Our Architecture

Below is a high level summary of our architecture, our guiding principles, and how it maximizes our security posture.

Affordable HIPAA Compliance

Hosted Appliance - Best Practice HIPAA Architecture

HIPAA compliance does not have to be prohibitively expensive. Our HIPAA SaaS hosted compliance solutions are ideal for developers and businesses that build and operate web-based applications and websites. Entry-level HIPAA hosting solutions are priced from $260 per month, complete with the BAA, and include a fully managed service.

Data Encryption

Protecting data at rest is central to HIPAA compliance. Our solutions deploy an encrypted file system on every server so that stored ePHI stays private even if the underlying disks are accessed directly. In addition, we configure all services, wherever possible, to use TLS for data in transit; the legacy SSL protocol versions are deprecated and should not be enabled.

Intrusion Detection

Included with every server is Symantec.cloud endpoint protection, which continually monitors the server file system and network stack for intrusions and malware. The IDS alerts our staff to any abnormal changes or intrusions, drawing on its real-time threat detection network.

Managed Backups

A multi-layered backup system protects you against data loss. Data on your servers is encrypted and copied to a backup repository, and should the need arise, any file can be restored to a specific point-in-time state. We manage and configure all of this for you.

Log Management

Log files from critical services are collected and retained for further analysis. In addition, we can license and configure web log analytics packages that automate reporting and the production of compliance evidence.

Business Associate Agreement

We are fully committed to providing your organization with a signed BAA, as required by the HITECH Act and the Omnibus Rule changes. Our goal is to ensure your organization's hosted application services are fully compliant.

Minimum Necessary Access

Access controls default to deny: no access is granted unless it is explicitly configured. Default server accounts are disabled, and remote management services and ports are blocked by default.

System Access Tracking

All access requests, changes to access, and the corresponding approvals are tracked and retained.

PHI Segmentation

Stored PHI is segmented both logically and physically: the back-end database/storage servers are separated from the front-end HTTPS servers, so the publicly accessible sites and APIs never hold the data store itself.

Monitoring

All network requests are logged, along with all system logs, including PHI HTTP/HTTPS requests (GET, POST, PUT, DELETE). Alerts are sent proactively when suspicious activity is detected, and key protocols and services are monitored by our NOC for faults and errors.
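As an added illustration of the kind of rule such monitoring runs, the Python script below is example code written for this page, not IHOST IST's own tooling. It parses a handful of constructed access-log lines in Common Log Format from a back-end PHI storage API (assumed, following the segmentation above, to be reachable only from the front-end tier's network) and raises two alerts: a request to a PHI path from outside the trusted network, and a burst of 401/403 responses from one client. The path prefixes, trusted network range and threshold are assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format as written by nginx/Apache:
# client ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumptions for this example: which URL prefixes carry PHI, which network the
# front-end tier lives in, and how many auth failures per minute count as a burst.
PHI_PREFIXES = ("/api/patients", "/api/records")
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=1)

# Constructed sample log: two legitimate front-end requests, one request from a
# public address (segmentation failure), six auth failures from one client, and
# one non-PHI health check that the rules must ignore.
SAMPLE_LOG = """\
10.0.1.20 - app [12/Mar/2014:10:15:01 +0000] "GET /api/patients/1042 HTTP/1.1" 200 512
10.0.1.21 - app [12/Mar/2014:10:15:02 +0000] "PUT /api/records/77 HTTP/1.1" 200 88
203.0.113.9 - - [12/Mar/2014:10:15:03 +0000] "GET /api/patients/1042 HTTP/1.1" 200 512
10.0.1.20 - - [12/Mar/2014:10:15:10 +0000] "GET /api/records/1 HTTP/1.1" 401 0
10.0.1.20 - - [12/Mar/2014:10:15:11 +0000] "GET /api/records/2 HTTP/1.1" 401 0
10.0.1.20 - - [12/Mar/2014:10:15:12 +0000] "GET /api/records/3 HTTP/1.1" 403 0
10.0.1.20 - - [12/Mar/2014:10:15:13 +0000] "GET /api/records/4 HTTP/1.1" 401 0
10.0.1.20 - - [12/Mar/2014:10:15:14 +0000] "GET /api/records/5 HTTP/1.1" 401 0
10.0.1.20 - - [12/Mar/2014:10:15:15 +0000] "GET /api/records/6 HTTP/1.1" 401 0
10.0.1.20 - app [12/Mar/2014:10:15:20 +0000] "GET /status HTTP/1.1" 200 2
"""


def parse_line(line):
    """Return a dict of fields for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_phi(path):
    return path.startswith(PHI_PREFIXES)


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def detect(lines):
    """Run both rules over the log lines and return a list of alert tuples."""
    alerts = []
    failures = defaultdict(list)  # client ip -> timestamps of recent 401/403s
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_phi(rec["path"]):
            continue
        ip, ts = rec["ip"], rec["ts"]
        # Rule 1: any PHI request from outside the front-end network means the
        # segmentation is not holding, whatever the response status was.
        if not is_trusted(ip):
            alerts.append(("untrusted-source", ip, rec["method"], rec["path"]))
        # Rule 2: sliding one-minute window of auth failures per client; fire
        # once when the count crosses the threshold, not on every later failure.
        if rec["status"] in (401, 403):
            recent = [t for t in failures[ip] if ts - t <= FAIL_WINDOW]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) == FAIL_THRESHOLD:
                alerts.append(("auth-failure-burst", ip, FAIL_THRESHOLD, rec["path"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run as-is it prints exactly two alerts: one for the request from 203.0.113.9 and one for the fifth authentication failure from 10.0.1.20. In production the same two rules would read the shipped logs rather than the embedded sample, and the untrusted-source alert is the one worth paging on, because a 200 response to a public address on the data tier means the front-end/back-end separation has been bypassed.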

Contact us today to get started...

If you would like more information, including pricing quotes, please briefly describe your requirements. The information submitted in this form is encrypted in transit with TLS and kept confidential. HIPAA hosting solutions are not one-size-fits-all; they require an understanding of the workload and the customer application(s). Please fill out the form below with as much information as possible about your workload and requirements. We look forward to learning more about your business.
