DO Ideas 2

HIPAA Compliant Infrastructure

Kind of going along with PCI compliance, a HIPAA-compliant environment would greatly benefit all of the companies scrambling to update and keep their applications HIPAA compliant.

  • Steve Santacroce
  • Sep 11 2018
  • Brandon Evans commented
    September 11, 2018 19:06

    Like Jared said, we just need a BAA from Digital Ocean, I'm not sure what DO needs to do on their side. Right now Linode and Azure will provide a BAA. Given Linode's recent password breach and DoS issues, we'd like to move to DO, but can't until they can provide this.

  • Annie Brawley-Sanders commented
    September 11, 2018 19:06

    I stumbled on this topic while looking for whether I need HIPAA compliance, which I ended up needing. The cheapest HIPAA plan I could find with VMware is $199 from https://www.vmracks.com/hipaa-compliant-solutions/hipaa-compliant-hosting/hipaa-cloud-startup/

  • Jared Koumentis commented
    September 11, 2018 19:06

    If this is accurate, https://www.digitalocean.com/features/technology/ , then there shouldn't be any technical reason that DO isn't HIPAA compliant. HIPAA compliance primarily rests with the people handling the private health information. The KVM technology coupled with a HIPAA certified datacenter should be technologically sufficient for HIPAA compliance. The infrastructure requirements aren't that extensive for someone to check the "HIPAA Compliant" box. There are third party companies that can provide an external audit, just like in the PCI world.

    Ultimately, I don't know of anything that would prevent DO from being able to say "Yup, we're HIPAA compliant" and offering a "Business Associate Agreement" saying that their infrastructure is sufficient.

  • Moisey Uretsky commented
    September 11, 2018 19:06

    We aren't really familiar with all of the legislation and requirements that go into HIPAA, but at this point we aren't investigating it.

    Thanks!

  • Rick Schmitty commented
    September 11, 2018 19:06

    Hmm sorry, can't figure out how to edit. I meant "I too would..."

    Also, if this provides any help, it seems AWS can do it with EC2? http://aws.amazon.com/about-aws/whats-new/2009/04/06/whitepaper-hipaa/

  • Rick Schmitty commented
    September 11, 2018 19:06

    I too would love to use DO for some software which requires HIPAA compliance. This company http://www.onlinetech.com/cloud-computing-hosting/features seems to claim they run 100% compliance on VMware? No pricing, which is always scary...

    Are there any recommended providers?

  • Hunter Barrington commented
    September 11, 2018 19:06

    I would love to use Digital Ocean more often in our company's application development, but we have 3 potential projects that all require HIPAA compliance right now.

  • Moisey Uretsky commented
    September 11, 2018 19:06

    I'm not up to date on HIPAA compliance, but much like PCI, I think the best route for each is to look into dedicated hardware. Otherwise you are sharing resources on a single hypervisor, so while the datacenter is PCI and HIPAA compliant, I don't believe at the hypervisor layer it really meets the requirements.