by Ryan Ozawa
Article filed in
Does Atlantic.net offer HIPAA compliant web hosting?
by Ryan Ozawa
When choosing a website hosting company, there are literally thousands to choose from, ranging from small neighborhood IT shops to multinational, multi-million dollar infrastructure firms.
If you’re a healthcare organization, however, the menu gets significantly shorter. Because of the need to comply with HIPAA rules and keep protected health information (PHI) secure, your web hosting company must sign on as a business associate and agree to comply with the provisions of a business associate agreement (BAA).
As we’ve discovered, many of the most popular web hosting companies are not HIPAA compliant. Does Atlantic.net make the cut?
What is Atlantic.net?
As origin stories go, Atlantic.net has a compelling one.
Described as “the anti-dot-com,” Atlantic.net was born in a dorm room at the University of Florida in 1994. It was the early days for the web, and the university didn’t provide internet access, so students Manoj “Marty” Puranik and Jose Sanchez started an internet service provider (ISP).
Unlike many startups that eventually imploded during the dot-com boom, Puranik and Sanchez financed everything themselves and achieved profitability quickly. In just one year, they had eight employees and 2,000 customers. The name Atlantic.net emerged in 1997 after the pair bought out two other ISPs, and over the next five years, the company expanded to two more states and swallowed over a dozen smaller companies.
More than 25 years later, Atlantic.net is now a global cloud services provider, with over 15,000 business clients in more than 100 countries, including NASA, Hilton, Newegg and Lenovo.
What does Atlantic.net say about security?
It’s clear Atlantic.net took security seriously from the very beginning.
In October 2001, the company introduced “True Private Networks,” making it one of the first to offer VPN technology commercially. Today, the Atlantic.net website puts “Compliance & Solutions” at the top center of its homepage, which links to a robust selection of secure services and company resources.
“Our compliance and hosting solutions are a perfect fit for financial services, healthcare organizations, marketing agencies, and many other verticals that require the most robust performance and security levels for their data,” the company says. “We are audited by qualified, independent third-party auditing firms to demonstrate our leading security and compliance services.”
Atlantic.net provides explanations of key security technology, like firewalls, VPNs, and multifactor authentication. More importantly, they say they have a number of certifications, including HITRUST, HITECH, PCI-DSS, SSAE 18, and SOC 2 TYPE II and SOC 3 TYPE II.
What about HIPAA?
Atlantic.net specializes in HIPAA compliant services. The acronym HIPAA appears 149 times on its “Compliance and Solutions” page alone.
“Whether you’re looking for comprehensive, fully managed HIPAA compliant hosting solutions for your HIPAA servers or an unmanaged hosting service, we can assist you with all your HIPAA compliance hosting needs,” the company says. Its HIPAA compliant web hosting service includes:
Atlantic.net also provides a business associate agreement, and says that “as a trusted business associate, we will adhere and uphold the requirements of HIPAA legislation, including the Security and Privacy rule amendments.”
In fact, the company makes it easy to install popular web apps within its HIPAA compliant environment, including WordPress, Nextcloud, Node.js, Docker, and cPanel.
Is Atlantic.net HIPAA compliant?
Atlantic.net can be HIPAA compliant. It actively courts healthcare clients and offers a wide array of solutions to specifically serve their needs.
It bears noting, however, that providing a HIPAA compliant cloud server and hosting environment doesn’t necessarily mean that every use case is HIPAA compliant. For example, to use Atlantic.net for email hosting, you’d need to install and configure email services, and those tools and applications may not meet the requirements of HIPAA.
Although Atlantic.net can provide HIPAA compliant web hosting, database hosting, and other related services, the phrase “HIPAA compliant email” appears only twice on the Atlantic.net site: in an article about healthcare surveys, and on a page of media citations that includes several links to us here at Paubox!
Okay, we may be biased.
Atlantic.net was a sponsor of our 2017 cybersecurity conference, as well as in 2018 and in 2019. And Atlantic.net vice president of marketing even penned a couple of blog posts for us, “How to Ensure Your Employees Aren’t a Threat to HIPAA Compliance,” and “Hacking and Human Error: Two Enemies of HIPAA Compliance.”
We’ve actually recommended Atlantic.net for HIPAA compliant WordPress hosting for years.
Paubox and Atlantic.net go great together, with Paubox handling HIPAA compliant email, and Atlantic.net handling almost everything else.