Tips to Aid in Your Search for a HIPAA Compliant Cloud Storage Provider

Finding a HIPAA Compliant cloud storage provider is no small task. There are many storage providers that claim to be HIPAA Compliant, but what exactly does that mean and what should you look for when choosing the storage provider for you? Listed below are some quick things to look for before you put your trust in a storage provider.


Has the Cloud Storage Provider had their yearly audit?

Be sure that the provider has undergone the required yearly data center and infrastructure audits complying with the current Audit Protocol. These audits will help ensure that the provider you choose is dedicated to privacy and is indeed HIPAA Compliant.


Does the Cloud Service Provider use encryption for PHI?

Just like Cloud Service Providers, not all encryption is created equally. The use of encryption is not a “mandatory” practice for Cloud Storage Providers. This is why it’s so important to make sure that the provider you are looking into uses the appropriate encryption algorithms such as SHA-2 and AES-256.


Do you trust the Cloud Storage Provider?

When choosing the Cloud Storage Provider that is right for you, trust is crucial. If you don’t trust the provider, how can you be confident that they are taking care of all of your sensitive data? We recommend doing your homework. Make sure they are genuinely interested in protecting your critical data and that they’re as invested in this process as you are.


Is there a BAA in their contract?

Be sure that the Cloud Storage Provider’s contract includes a Business Associate Agreement. A written contract should include everything in this sample agreement.


Here at Virtual Systems, we take the security of your sensitive data very seriously. We make sure your data is stored securely and in compliance with HIPAA & PCI standards. All data is stored on centrally located servers, instead of on local desktops or devices. Servers are located in highly-protected data centers, secured with monitored alarm systems, card access, and state-of-the-art temperature and humidity controls. We never share network traffic. All client data is transmitted in its own secure virtual network.

If you want to know more about just how serious we take data security? Contact us today, we would be happy to tell you all about it.