HIPAA hosting refers to website, application or data storage and hosting services that comply with the physical safeguard requirements of the HIPAA Security Rule. HIPAA hosting is an important part of the requirements needed for application developers to ensure HIPAA compliance of their solutions.
The short answer is no. HIPAA hosting alone does not make you HIPAA compliant.
HIPAA compliance is determined by adherence to the privacy and security rules outlined by HIPAA. HIPAA hosting only addresses one aspect of those requirements. Hosting your application in a HIPAA compliant hosting environment such as Amazon AWS or Firehost does not make your application HIPAA compliant, because these providers only address the physical safeguard requirements of the HIPAA Security Rule.
You are still required to meet the Technical and Administrative specifications of the HIPAA Security Rule in order to be compliant. TrueVault manages both the Technical and Physical safeguard requirements for your app, saving you the additional development time and resources of building them yourself for HIPAA compliant web hosting.
Not all of your mHealth, eHealth or wearable application data needs to exist in a HIPAA hosting environment. But any protected health information (PHI) requires HIPAA file storage. Protected health information is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a healthcare service.
PHI includes:
PHI includes images such as x-rays, MRIs, test results, doctor's notes, patient communication and more. If your healthcare application is managing any of these data types, you want to ensure that it is kept within a HIPAA compliant web hosting environment.
Digital copies of protected health information are sometimes called ePHI, which refers to all individually identifiable health information that is created, maintained, or transmitted electronically.
HIPAA compliant hosting providers typically provide two main aspects of HIPAA compliance:
(See below for the distinction between required and addressable HIPAA hosting requirements.)
Many of the implementation specifications above are listed as addressable. Required implementation specifications must be implemented. Addressable implementation specifications must be implemented if it is reasonable and appropriate to do so; the choice must be documented. It is important to remember that an addressable implementation specification is not optional.
Most HIPAA hosting companies should implement the addressable specifications, as they are best-practice data security features anyway.
Make your application HIPAA compliant today. You can be up and running with TrueVault's healthcare API in minutes, with no credit card and no trial expiration.
Skip the red tape and head straight to developing amazing new solutions for the healthcare industry with TrueVault.