Top 11 HIPAA Compliant Hosting Servers for Healthcare Apps

HIPAA-compliant cloud hosting servers

Are you planning to build a healthcare mobile app? Then there is a good chance that your app will need to run on HIPAA-compliant cloud hosting.

If you collect, store or transmit Protected Health Information (PHI) on behalf of a covered entity, you are a business associate and must comply with HIPAA.

Under the HIPAA Security Rule, anyone who develops mHealth, eHealth or wearable applications that handle PHI is required to meet national standards for the Administrative, Physical and Technical safeguarding of health information.

So you have two options for making your healthcare app HIPAA compliant:

Either you build a HIPAA-compliant application stack on your own dedicated servers, which requires a large up-front investment.

Or

You could leverage cloud hosting services that provide HIPAA compliant hosting.

We’ve put together a list of the 11 best HIPAA-compliant cloud hosting providers so you don’t have to search the web for a list and reviews yourself (reviews are included for the first four providers below).

#1 Amazon Web Services (AWS)

AWS is one of the most popular and trusted cloud platforms for building healthcare apps. AWS offers utility-based cloud services that can be used to process, store and transmit Protected Health Information (PHI).

AWS will sign a Business Associate Addendum (BAA) with you. At the time of writing, that BAA required EC2 instances handling PHI to run as Dedicated Instances, which gives you physical server isolation. The BAA spells out how your HIPAA obligations are shared with AWS.

Block storage can be attached to an instance and resized as you need: Amazon EBS (Elastic Block Store) provides network-attached volumes that live in the same Availability Zone as the instance.

You can use any AWS service in a HIPAA-compliant application, but PHI itself may only be processed, stored or transmitted by the HIPAA-eligible services listed in AWS’s BAA.

At the time of writing, AWS’s BAA covers 9 services.

Pricing: AWS charges per service based on usage, so you pay only for what you use. Prices start at around $0.016 per hour.

Ratings and reviews:

InfoWorld: Amazon, the mother of all clouds

PC Mag: Editor rating for Amazon EC2: Good

Trustradius rating: 4.1/5

Cloudreviews editor rating: 5/5

#2 RackSpace

Rackspace provides three types of cloud servers: public, private and hybrid cloud. They offer decent hardware, 15+ operating systems, image backups, RAID 10, impressive scalability and many other services.

To help customers meet their HIPAA obligations, Rackspace offers a Business Associate Agreement (BAA) for its dedicated hosting services.

Pricing: 30-day free trial. For $73/month you get a Windows Server 2012 instance with 2 CPUs, 2 GB RAM and 20 GB of SSD storage.

Ratings and reviews:

PC MAG Editor rating: Excellent

Cloudreviews editor rating: 5/5

#3 Microsoft Azure

It calls itself ‘The cloud for modern business’. Microsoft Azure, formerly Windows Azure, is Redmond’s cloud computing platform.

Azure is a strong competitor in the cloud application hosting arena, and it is a natural fit if you’re hosting a .NET application. The Azure service has three main divisions: infrastructure-as-a-service (IaaS, or virtual machines), web hosting, and platform-as-a-service.

Azure is certified against several of the control frameworks harmonized in the HITRUST CSF, including HIPAA/HITECH and ISO 27001, which gives healthcare customers a compliant foundation. The solution you build on top of it, however, is owned and managed by you as the Azure subscriber, so it is not in scope for Azure’s own compliance processes (the shared-responsibility model).

Microsoft currently offers a HIPAA BAA to all US customers as part of its Online Services Terms (OST).

Pricing: 30-day free trial. One virtual core, 1.75 GB of RAM and basic support costs $0.075 per hour, about $56/month.

Ratings and reviews:

PC Mag’s Editors’ Choice for small business cloud services.

Cloudreviews editor rating: 4/5

#4 Firehost

FireHost describes itself as the most comprehensive secure cloud infrastructure for HIPAA-compliant hosting needs.

FireHost is certified against the Common Security Framework (CSF) from the Health Information Trust Alliance (HITRUST), which addresses HIPAA compliance requirements.

It calls itself the industry’s first true Compliance as a Service (CaaS) solution.

CaaS is a complete solution that provides insight into everything required for compliance: secure infrastructure, gap analysis, remediation, audit, ongoing security and compliance monitoring, and incident response and forensics.

You can reach FireHost support via live chat, phone and a ticketing service. They are also active on social media.

FireHost has built a tool to compare FireHost with other leading cloud hosting providers and see what it calls the secure cloud difference.

Pricing: The cheapest server costs $200/month, and they do not have a usage-based billing system.

Ratings and reviews:

Cloudreviews Editor and user rating: 4/5

#5 Truevault

TrueVault is another good option for ensuring your application meets HIPAA’s technical and physical safeguards.

TrueVault is a HIPAA-compliant hosted API and secure data store. It stores health data behind a secure API and takes on the physical and technical safeguards that HIPAA requires of the hosting layer.

It signs a Business Associate Agreement (BAA) with you on account activation, and covers customers under a comprehensive privacy and data-breach insurance policy.

It lets you store and search protected health information (PHI) in any file format through RESTful APIs. It also provides user identity and access control for your application.

TrueVault publishes a quick start guide for storing your first document.

Pricing: 45-day free trial followed by plan starting at $149/month.

Ratings and reviews: No reviews found

#6 Liquid Web

To help you secure data to HIPAA standards, Liquid Web provides technical controls, backup management, safeguards and physical security policies.

A Business Associate Agreement (BAA) is available on request; it requires a server configuration that meets their minimum security requirements.

Support: 24/7 support from what they call HIPAA-trained Heroic Support® engineers.

Pricing: The standard plan at $14.95/month includes 5 GB of SSD disk space, 240 GB of monthly data transfer and two free domain names. Note that the BAA requires one of the server configurations that meet their minimum security requirements.

#7 VMRacks

VM Racks is a privately held cloud service provider offering a full suite of HIPAA-compliant solutions, including hosting, email, SFTP and more.

They market a trademarked True HIPAA Compliance™ solution, which they say guarantees that their cloud hosting packages are 100% HIPAA compliant, and they sign BAAs with all customers.

They support both Windows and Linux. The company provides services that handle electronic protected health information (ePHI) and electronic medical records (EMRs). EMRs can contain a wide range of sensitive personal, financial and medical information.

All of their HIPAA-compliant plans include monitoring, hardening, vulnerability scanning, patching and server security.

Support: 24/7 support with every hosting plan.

Pricing: The basic plan starts at $199/month and includes 2 GB memory, 50 GB storage, 320 GB bandwidth and True HIPAA Compliance™.

#8 Atlantic

Atlantic offers a full range of HIPAA hosting and related compliance products. You can choose HIPAA-compliant server hosting, or more specialized HIPAA-compliant database hosting, application hosting or backups.

They also offer custom-built HIPAA hosting solutions.

You can also colocate your own servers in their HIPAA-compliant data center. All products come with active and aggressive security monitoring.

Support: 24/7/365 Phone, Chat and Email Support.

Pricing: Starts at $385/month for a HIPAA compliant dedicated server.

#8 Aptible

Aptible enables your digital health organization to implement an entire HIPAA compliance program.

They provide a deployment workflow, and their compliance validation engines cover each component of the HIPAA Privacy, Security and Breach Notification Rules.

Their packages are comprehensive, including backups, audit trails and even employee training.

Support: You can email or chat with them. They usually respond within an hour or so during business hours.

Pricing: Fully customised pricing plans based on your requirement.

#9 Catalyze

Catalyze is a HIPAA-compliant cloud platform for healthcare apps. They offer two products: a backend-as-a-service (BaaS), a set of APIs for building compliant apps, and a compliant platform-as-a-service (PaaS) for running custom applications and databases.

For both products they provide logging, monitoring, backup, disaster recovery, encryption (in transit and at rest), intrusion detection (IDS), file-integrity logging and vulnerability scanning. Catalyze is HITRUST certified.

Support: You submit a ticket, and responses are sent within 24 hours. Existing customers typically receive a response in less than an hour during normal working hours.

Pricing: Free trial for 30 days followed by $500/month that includes one database container and one server.

#10 Connectria

Connectria offers enterprise-level HIPAA-compliant hosting for customers in the healthcare and dental industries, or anyone who must comply with the HIPAA and HITECH Act security standards for storing Protected Health Information (PHI).

Connectria has partnered with Tripwire to offer HIPAA compliance monitoring. They set up and manage HIPAA-compliant environments in their own data centers and in AWS.

They routinely enter into Business Associate Agreements (BAAs) with their customers.

Their service level agreement (SLA) is aggressive: a 100% uptime guarantee as well as a “100% secure” guarantee.

Support: Solutions Architects are available 7 days a week for assistance. You need to fill a form and they usually get back within 24 hours.

Pricing: Prices start at just $665/month. Setup charges may apply.

#11 OnRamp

OnRamp’s HIPAA Foundation Solution bundles the compliance-critical hardware and software features you need to meet HIPAA’s stringent requirements.

Their offering comes with a whole range of HIPAA compliance services. OnRamp lets you choose from three HIPAA hosting tiers: the HIPAA Foundation, HIPAA Advanced and HIPAA Enterprise solutions.

OnRamp has also developed a 3-step HIPAA Risk Management Tool to diagnose, assess and manage the vulnerabilities and risks of deploying your IT infrastructure at OnRamp.

Support: 24/7/365 support for your IT infrastructure and critical data.

Pricing: Price on request.

New Entrant: Healthcare Blocks

Healthcare Blocks is a HIPAA-compliant application platform that powers healthcare technology systems of all sizes, from small startups to large medical groups.

They are partnered with and built on Amazon Web Services. They are Business Associate Agreement (BAA) friendly and don’t require long-term contracts from customers.

The platform is fully-managed by the Healthcare Blocks team and offers versatility, with most languages and databases supported.

Pricing: Starting at $340/month

Support: Available via email, chat, and help desk website. Response time is usually less than 1 hour during normal business hours.

Nidhi Shah
 

Nidhi is the head of content marketing at Arkenea, a mobile app consultancy building experience rich apps for startups and businesses.

  • Venkatasubramaniyan Kalyanaram

    Thank you for the detailed article.

    It does require updating on at least a couple of points.

    1. Amazon requires dedicated instances for signing a BAA agreement. See https://aws.amazon.com/blogs/security/frequently-asked-questions-about-hipaa-compliance-in-the-aws-cloud/

    It costs $2 per hour per region, so it is very expensive to run a single server; it would cost around $1500 just to run one server.

    2. Google Cloud Platform does seem to support HIPAA out of the box.

    https://cloudplatform.googleblog.com/2014/02/google-cloud-platform-provides-support-for-hipaa-covered-entities.html

    3. Firehost has changed its name to Armor and now supports protecting existing Amazon AWS servers. No price is indicated on the server.

  • disqus_vivSJx5t3m

    I’d like to add that the leader in this space is actually a company by the name of ClearDATA. They are the only one that works exclusively in the healthcare segment, they provide a more extensive BAA than any of the ones you mentioned, and they are HITRUST certified, with only 2 others on this list. AWS actually sees ClearDATA as the preferred vendor for HIPAA-compliant healthcare needs, due to them being flexible with their BAA. https://www.cleardata.com/