Kind of going along with PCI compliance, a HIPAA compliant environment would greatly benefit all of the companies scrambling to update and keep their applications HIPAA compliant.
Like Jared said, we just need a BAA from Digital Ocean, I'm not sure what DO needs to do on their side. Right now Linode and Azure will provide a BAA. Given Linode's recent password breach and DoS issues, we'd like to move to DO, but can't until they can provide this.
I stumbled on this topic while looking for whether I need HIPAA compliance, which I ended up needing. The cheapest HIPAA plan I could find with VMware is $199 from https://www.vmracks.com/hipaa-compliant-solutions/hipaa-compliant-hosting/hipaa-cloud-startup/
If this is accurate, https://www.digitalocean.com/features/technology/ , then there shouldn't be any technical reason that DO isn't HIPAA compliant. HIPAA compliance primarily rests with the people handling the private health information. The KVM technology coupled with a HIPAA certified datacenter should be technologically sufficient for HIPAA compliance. The infrastructure requirements aren't that extensive for someone to check the "HIPAA Compliant" box. There are third party companies that can provide an external audit, just like in the PCI world.
Ultimately, I don't know of anything that would prevent DO from being able to say "Yup, we're HIPAA compliant" and offering a "Business Associate Agreement" saying that their infrastructure is sufficient.
We aren't really familiar with all of the legislation and requirements that go into HIPAA, but at this point we aren't investigating it.
Hmm sorry, can't figure out how to edit. I meant "I too would..."
Also, if this provides any help, it seems AWS can do it with EC2: http://aws.amazon.com/about-aws/whats-new/2009/04/06/whitepaper-hipaa/
I too would love to use DO for some software which requires HIPAA compliance. This company http://www.onlinetech.com/cloud-computing-hosting/features seems to claim they run 100% compliance on VMware? No pricing, which is always scary...
Are there any recommended providers?
I would love to use Digital Ocean more often in our company's application development, but we have 3 potential projects that all require HIPAA compliance right now.
I'm not up to date on HIPAA compliance, but much like PCI, I think the best route for each is to look into dedicated hardware, because otherwise you are sharing resources on a single hypervisor. So while the datacenter is PCI and HIPAA compliant, I don't believe it really meets the requirements at the hypervisor layer.