HIPAA COMPLIANCE

Monthly

HIPAA

STARTING AT:

369.90 /MO

2 Servers configured in IIS + DB back-end roles each containing:

2 CPU Cores

4 GB RAM

80 GB SSD Storage

640 GB Bandwidth

Windows Server 2016

Full Root Access

Unlimited Domains & Mailboxes

Unlimited MySQL5 / MSSQL 2012 Databases

HIPAA PLUS

STARTING AT:

599.70 /MO

2 servers configured in IIS + DB back-end roles each containing:

4 CPU Cores

8 GB RAM

160 GB SSD Storage

1.2 TB Bandwidth

Windows Server 2016

Full Root Access

Unlimited Domains & Mailboxes

Unlimited MySQL5 / MSSQL 2012 Databases


HIPAA COMPLIANCE BUNDLE FEATURES:

DATA ENCRYPTION

Protection of data at rest is one of the requirements paramount to HIPAA compliance. Our solutions deliver a military-grade encrypted file system on all the servers to ensure ePHI data stays private. In addition, we configure all services, where possible, to use SSL/TLS protocols for maximum security.

INTRUSION DETECTION

Included with every server is the Symantec.cloud endpoint protection system, which continually monitors the server file system and the server network stack for intrusions and malware. The IDS monitors your servers and alerts our staff to any abnormal changes or intrusions based on the real-time threat detection network.

MANAGED BACKUPS

The multi-layered backup system is there for your protection. Data stored on your servers is encrypted and stored in a backup repository to prevent accidental data loss. Should there be a need, it is possible to restore any file to a specific point-in-time state. We manage and configure all of this for you.

LOG MANAGEMENT

Log files from critical services are collected and stored for further analytic processing. In addition, we can provide licensing and configure weblog analytic software packages that automate the reporting and compliance process.

MINIMUM ACCESS

Access controls always default to no access unless overridden manually. Default server accounts are disabled, and remote management services and ports are blocked by default.


ACCESS TRACKING

All access requests, changes of access, and access approvals are tracked and retained.


PHI SEGMENTATION

The stored PHI data is segmented both logically and physically by separating the back-end database/storage server from the front-end HTTPS servers. This separates publicly accessible sites/APIs from the data storage.


MONITORING

All network requests are logged, along with all system logs, including PHI HTTP/HTTPS requests (GET, POST, PUT, DELETE). Additionally, alerts are proactively sent based on suspicious activity. In addition, the key protocols and services are monitored by our NOC for faults and errors.



BUSINESS ASSOCIATE AGREEMENT

We are fully committed to providing your organization with a signed BAA as required in the HITECH Act and recent Omnibus Rule changes. Our goal is to ensure your organization's hosted application services are fully compliant.


ABOUT HIPAA

HIPAA regulations and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”) lay out a broad spectrum of requirements for businesses and computer systems storing or transmitting electronic private health information (“ePHI”).

Under HITECH, mandatory penalties will be imposed for “willful neglect.” What “willful neglect” means will be determined on a case-by-case basis, but we believe that an organization that handles ePHI and does not comply with the requirements can face penalties up to $250,000, with repeat/uncorrected violations extending up to $1.5 million.

That is why Rebel developed the HIPAA compliance hosting bundle that’s engineered to cover all HIPAA/HITECH Act requirements for organizations that handle ePHI. We make HIPAA compliance easy and provide a signed BAA with our managed hosting service.

CONTACT US TODAY FOR MORE INFORMATION