The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides federal protections for individually identifiable health information. Its Security Rule specifies administrative, physical and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI).
C7 Data Centers, Inc. understands the importance of ensuring the utmost transparency in internal controls and procedures. We want our customers to know they can trust C7 to provide data center facilities and services that meet the strictest control standards and industry best practices.
What does it mean for a service provider to be HIPAA Compliant?
A “Covered Entity” is an individual, organization or agency that must comply with the requirements to protect the privacy and security of health information and that falls into one of three categories:
A Health Care Provider
Health care providers include doctors, clinics, psychologists, dentists, chiropractors, nursing homes and pharmacies. A health care provider is a covered entity only if it transmits health information in electronic form in connection with a transaction for which the Department of Health and Human Services (HHS) has adopted a standard.
A Health Plan
Health plans include health insurance companies, HMOs, company health plans, and government programs that pay for health care (such as Medicare, Medicaid, and the military and veterans health care programs).
A Health Care Clearinghouse
A health care clearinghouse is an entity that processes nonstandard health information received from another entity into a standard format (i.e., a standard electronic format or data content), or vice versa.
Here is a PDF to help determine whether an individual, company or organization is a covered entity under the Administrative Simplification provisions of HIPAA.
What are the HIPAA Compliance responsibilities for companies located in a data center?
Any company located within a data center that qualifies as a covered entity must comply with the HIPAA Privacy Rule and, for electronic protected health information, with the HIPAA Security Rule. Colocating equipment in a third-party facility does not transfer that obligation to the facility operator.
What does it mean for a data center colocation provider to be HIPAA Compliant?
Under the broad definition of a health care clearinghouse, a data center facility could be interpreted as “facilitating the processing of” health information by providing the infrastructure on which that processing runs, such as backup storage devices, connectivity to network providers or virtual servers. However, under C7's SSAE 16 control standards, user organizations (customers that use C7's services) are responsible for:
1. Informing C7 of any regulatory issues that may affect the services provided by C7.
2. Ensuring that adequate mechanisms are in place to monitor and protect the content of any information passing through their network.
3. Implementing their own access control systems on their infrastructure. C7 does not maintain or have logical access to user organization software or data.
The customer is responsible for meeting the requirements of HIPAA compliance. C7, under its SSAE 16 controls, supports HIPAA-compliant storage and processing of data on its managed services and data center infrastructure. Note that an SSAE 16 report attests to the controls C7 describes and operates; HHS does not certify HIPAA compliance, so customers should map those facility controls into their own Security Rule risk analysis rather than rely on the report alone.