By chaniska ·
Are vendors like GoDaddy, Rackspace and similar compliant with health care compliance standards such as HIPAA, OIG, etc.?
Or, when it comes to service providers, how does HIPAA apply?

I'm thinking about their data on products such as SharePoint, Exchange, hosting, etc.


All Answers


Does not really apply

by robo_dev In reply to Compliance

The road does not need to be compliant with the Federal vehicle safety standards.

The controls related to most, if not all, compliance requirements happen at the application layer and relate to securing the data, not the infrastructure. While the owner of the data does due diligence to make sure the provider meets their security requirements, they are responsible for ensuring that controls over the data, such as encryption, are in place so that the controls over the infrastructure are irrelevant.

The one issue that is important with hosting providers is that data privacy laws vary from country to country, while the entity that is responsible for the data may be in the US. Therefore, if a US-based hospital has its medical records on an outsourced server in India, and there is a data breach, there may be US laws that are broken, but no laws broken where the data is actually located. This complicates the legal issues considerably.



by chaniska In reply to Compliance

Thanks for the update. Was trying to get some idea on this matter. :)
