Many types of organizations must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA): the providers, plans, and data clearinghouses considered covered entities, as well as the business associates that are directly responsible for compliance as of the Omnibus Final Rule. The wide-ranging need for HIPAA compliance is reflected in how fast the healthcare IT market is growing. To look at the field from the provider side, this form of computing is recognized as a strong niche "because of its exponential growth since 2013."
After all, the demographics in the United States are changing as the Baby Boomers reach retirement age. In 2015, 48.2 million people, or 14.9%, were 65 or over; in 2030, population experts say that number will be 74 million, or 21% of us. The amount of money spent on healthcare in the United States is expected to increase 5.8% per year through 2025 due to this social transition. That's 1.3% better growth than the expectation for US gross domestic product. By 2025, healthcare is projected to represent 20.1% of the GDP, up from 17.5% in 2014. These statistics are a bit mind-boggling – and they represent a trend rather than a sense of the individual company's perspective. Any business that is responsible for protected health information (PHI) has a different situation and challenges.
Let's look at the story of one company and the decisions it made for a HIPAA-compliant hosting plan.
Healthcare SaaS company selects hosting partner
ShareSafe Solutions provides cloud-based software-as-a-service (SaaS) solutions in four primary areas: real-time analytics, communication, continuing education, and security. The company's centerpiece product is called the Unified Platform. The product intends to broadly improve clients' operations and results while safeguarding against breach and HIPAA violations. ShareSafe's mobile identity authentication system is designed to minimize breach possibilities to better manage login credentials. Part of the core function of the organization is to provide its services within a context that is HIPAA compliant – protecting digital information and interactions between various parties. The system gives users real-time analytics and updates on logins, security, and performance.
The healthcare SaaS company recently made an infrastructural transition to a hosting service that provides it with a combination of dedicated and Cloud servers. By embracing a relationship with a hosting provider that they have come to trust, the firm's leadership is now able to take advantage of flexibility so that they can adapt for faster and more meaningful expansion. Security is clearly central to the company, so the executive team's choice of a HIPAA compliant partner was certainly not a minor one.
How ShareSafe's HIPAA compliant hosting has evolved
ShareSafe started by implementing four dedicated servers in conjunction with a firewall. The company also opted to use some of its servers within a colocation arrangement. At this same time, ShareSafe transitioned from VMware to a virtualization OS called Proxmox. "Proxmox provides greater capabilities for security versus VMware," said Beck, "and I had been using VMware for years in previous deployments."
Cloud has been on the rise over the last few years. As ShareSafe continued to grow, the organization decided it was time to begin integrating Cloud Servers into its infrastructure. At first, the company used a few different vendors for Cloud so they could test options. They evaluated how quickly problems were addressed, and then moved all of their Cloud over to the best-performing service. That responsiveness is key to ShareSafe, and it was central in choosing their system so that they could rely on fast deployments in the future.
As the healthcare market and healthcare technology continue to grow, ShareSafe is ready as they start implementing additional servers beyond their original four large-capacity enterprise machines – additional high-capacity NFS servers are being prepared for deployment. Plus, the company is strategizing the incorporation of various clusters for multiple redundancy in Cloud distributed across a number of US data centers. These changes are increasing the size of the firm's architecture by more than 100%.
Through this move to geographically distributed locations, ShareSafe is investing in the prevention of downtime or data loss from intrusions or blackouts. They are defending against DDoS attacks. ShareSafe needed a hosting environment that would keep their systems running at all times, and they succeeded. Between February and September 2016, the uptime for the company through the hosting provider they had chosen was 99.99%.
The company now has a deep understanding of the range of quality in support provided by different hosting services, having tried a few. For example, two DDoS assaults hit ShareSafe during 2016. With one of their prior providers, some of their systems were down for 4 hours. With ShareSafe's chosen provider that ultimately received their whole ecosystem, their services were back up within 5 minutes in both cases of DDoS.
That latter provider was literally 48 times faster than the 4-hour recovery. The responsiveness of the technical support ended up being a critical factor in their choice.
Making your move
Learning about the experiences of other healthcare providers is vital to helping you understand what choosing a HIPAA compliant hosting solution might look like for your business. If you want to learn more about how ShareSafe has carefully built a highly secure yet flexible system through a HIPAA-compliant hosting provider, read their case study.
This post was written in collaboration with Atlantic.Net. Atlantic.Net is a market-leading Cloud Hosting, Managed Hosting, Dedicated Hosting, and HIPAA-Compliant Hosting provider with state-of-the-art data centers in New York, London, Toronto, San Francisco, Dallas, and Orlando.