Software

Question

Gravatar
Locked

Compliance

By chaniska ·
Is Vendor's like Godaddy, Rackspace and similar are compliant with Health care Compliance Standards Such as HIPAA, OIG and etc?
or when it comes to Service Providers how Does HIPAA applies?

I'm thinking about their datas on the Products such as Sharepoint, Exchnage, Hosting and etc.

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

Does not really apply

by robo_dev In reply to Compliance

The road does not need to be compliant with the Federal vehicle safety standards.

The controls related to most, if not all, compliance requirements happen at the application layer and relate to securing the data, not the infrastructure. While the owner of the data does due diligence to make sure the provider meets their security requirements, they are responsible for ensuring that controls over the data, such as encryption, are in place so that the controls over the infrastructure are irrelevant.

The one issue that is important with hosting providers is that data privacy laws vary from country to country, while the entity that is responsible for the data may be in the US. Therefore if a US based hospital has its medical records on an outsourced server in India, and there is a data breach, there may be US laws that are broken, but no laws broken where the data is actually located. This complicates the legal issues considerably.

gravatar
Collapse -

Thanks

by chaniska In reply to Compliance

Thanks for the update. was trying to get some idea on this matter. :)

Back to Software Forum
2 total posts (Page 1 of 1)  

Start or search

Related Discussions

Related Forums