HIPAA compliance has become a hot topic in high-tech circles in recent years, but few companies in data center operations are as dedicated to providing solutions on this front as OnRamp Access Inc., according to Chad Kissinger, the company’s founder.
“When we get in discussions with somebody in that industry, it’s almost always a win for us,” he said of OnRamp, which provides colocation, managed hosting and disaster recovery services to customers from its 15,000-square-foot data center in Austin. “We’ve become HIPAA experts.”
Seventy percent of OnRamp’s active growth comes from the healthcare vertical, Kissinger says. And while OnRamp has catered to healthcare customers for two years, the company became heavily focused on healthcare and providing HIPAA-compliant solutions a couple of years ago, when HIPAA rules changed.
The U.S. Department of Health & Human Services regulation requires healthcare providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information is breached, according to the federal agency’s website. These notification regulations were implemented as part of the American Recovery and Reinvestment Act of 2009.
HHS now also requires mandatory yearly audits, has implemented fines of up to $1.5 million a year for HIPAA privacy violations, put in place mandatory Business Associate Agreements for healthcare organizations’ vendors and partners who touch protected health information to ensure they keep that data secure, and launched numerous other new procedures and rules.
Kissinger says not many service providers in their industry are willing to take on the liability involved with the Business Associate Agreement – OnRamp embraces it.
To address HIPAA compliance, OnRamp has created a three-step process to ensure it and its customers are protecting customer healthcare data in line with government regulations. First, it gathers information on customer networks and how they operate. Then, it assesses security risks. Finally, it creates a risk management plan for how it will maintain the customer’s infrastructure in a way that meets the customer’s needs and is compliant and auditable. That also makes configuration (and related requirements) a lot easier down the road, as customers add new servers, firewalls or other infrastructure.
Edited by Braden Becker