Web hosting - HIPAA data

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Web hosting - HIPAA data

Message

09/03/2009 21:20:54

Pertti Karjalainen
Northern Lights Software
Fairfax, Californie, États-Unis

09/03/2009 11:25:29

William Kuhn
The Kuhn Group, Inc.
St Marys, Kansas, États-Unis

Information générale

Forum:

ASP.NET

Catégorie:

Déploiements

Titre:

Re: Web hosting - HIPAA data

Divers

Thread ID:

01386495

Message ID:

01386818

Vues:

>>We offer a web-based medical claims solution. We never considered using a third party to host our app. The potential HIPAA issues would seem to be insurmountable.
>
>That's my general impression too.

Furthermore, the liability is HUGE. Starting at over 10K for the smallest individual breach. 10+ K PER BREACH (a "non-virtual"
example would be a janitor seeing a health -related form in the trash, which gives you an idea of the possibilities and potential scale of virtual environment breaches)

The government hasn't persecuted HIPAA violations very actively yet, but it is getting more aggressive now (gotta pay for the $2 trillion deficits somehow! -- By the time you read this, it is actually probably up to $3 trillion) An example is a recent agreement between CVS Caremark Corp. and the U.S. government, where CVS will pay $2.25 million "because its pharmacy workers didn't properly dispose pill bottle labels and other items contain personal information about patients." (full article here: http://www.google.com/hostednews/ap/article/ALeqM5jL4xG_mpcMfKRKpNraxTKBXESZiAD96E8CDO2)

Why would ANYONE want to host HIPAA sensitive apps these days is beyond me. I say: let them -- no, make that: INSIST that they --have it on their own servers. You'll sleep much better.

Pertti

>
>Thanks.
>
>>
>>>We're in the last phases of an evaluation of IT options for a health-related agency.
>>>
>>>We are recommending a system of web applications using ASP.NET/SQL2008 (choking on MS licensing, but it still makes most sense in this case) for their main operations.
>>>
>>>They have a central office where a little over half of their staff works, but the remainder work from small remote offices or from laptops on the road.
>>>
>>>Our initial thoughts are to have them host their applications on their own servers where they have complete control and can provide redundant internet connectivity. Even if they lose connectivity, their office can still function. Obviously they will be responsible for their own data security.
>>>
>>>I've contracted for 3 companies that dealt with medical data and all worked this way.
>>>
>>>I'm looking for opinions and recommendations on 3rd party hosting of web apps with HIPAA data.
>>>
>>>The idea of medical data (lots of it) being offsite worries me, as well as the idea of all users being down if the hosting site is down or offline.
>>>
>>>Thoughts?

Pertti Karjalainen
Product Manager
Northern Lights Software
Fairfax, CA USA
www.northernlightssoftware.com

Répondre

Fil

Voir

Click here to load this message in the networking platform