Are vendors like GoDaddy, Rackspace and similar compliant with health care compliance standards such as HIPAA, OIG, etc.? Or, when it comes to service providers, how does HIPAA apply?
I'm thinking about their data on products such as SharePoint, Exchange, hosting, etc.
The road does not need to be compliant with the Federal vehicle safety standards.
The controls related to most, if not all, compliance requirements happen at the application layer and relate to securing the data, not the infrastructure. While the owner of the data does due diligence to make sure the provider meets their security requirements, they are responsible for ensuring that controls over the data, such as encryption, are in place so that the controls over the infrastructure are irrelevant.
The one issue that is important with hosting providers is that data privacy laws vary from country to country, while the entity that is responsible for the data may be in the US. Therefore, if a US-based hospital has its medical records on an outsourced server in India, and there is a data breach, there may be US laws that are broken, but no laws broken where the data is actually located. This complicates the legal issues considerably.