Whether you are running a hospital, a healthcare research facility, or any other type of medical facility where you provide care to patients, safety and security are top concerns. Protecting electronic protected health information (ePHI) requires a high level of performance, compliance, and security. Do not let the colocation myths sway you: data center facilities can handle this.
With so many healthcare data breaches making headlines, many medical organizations are apprehensive about outsourcing any portion of their technology. Misconceptions in the healthcare industry have slowed innovation and even put ePHI at greater risk.
There are steps that the medical industry can take to ensure its data and technology are protected. Many organizations that manage patient information have slowly started to increase their use of off-premises data storage. According to a recent Spiceworks survey of IT professionals working in the healthcare field, 46 percent of respondents said their healthcare data is stored off-premises, whether at a physical location the organization owns or manages, a physical location owned by a third party (colocation), a hosted/cloud location, or a hybrid cloud environment.
Despite the growing use, there are many colocation myths that have circulated in the medical field. Here are four colocation myths and misconceptions that the healthcare industry should leave behind.
#1: Colocation Is Not a Secure Option for Healthcare Organizations
When it comes to the environment, security is the top priority for healthcare IT. According to the Spiceworks survey, nearly a third (or 31 percent) of IT healthcare professionals are looking for solutions that will improve the security posture of the organization.
Migrating critical infrastructure to a colocation facility is a major step for healthcare organizations. Lack of security is a concern, yet delaying the migration process could be putting ePHI at even more risk. 34 percent of the Spiceworks survey respondents reported experiencing security and compliance issues with their data when left on-premises.
Top Security Concerns for IT Healthcare Professionals
It is no surprise that risks like hacking and malware are top concerns for IT professionals. What may not be as widely known is the belief that IT professionals will lose control of their data and security if they move it to a colocation facility. There is not a surefire way to prevent hacking, but IT professionals can and will stay in complete control of their data if they choose the right colocation provider.
Colocation can improve an organization’s security posture by providing more security expertise and sophisticated controls than what many healthcare organizations have in-house. In addition, IT professionals have complete access to control their critical infrastructure if they want.
In addition to losing control, other top concerns include new security threats that have emerged this year. “I believe 2019 will bring the first of many AI-driven attacks on U.S. companies’ critical infrastructure,” said Rick Grinnell, Founder and managing partner of Glasswing Ventures to CIO News. Grinnell says AI was not a factor in the most notable attacks of the last year, but he expects that to change.
What to Look for in a Secure Colocation Provider
With security as a top-ranking priority, here are the items to ensure your colocation provider checks off:
- World-class security systems
- Physical security:
  - Video surveillance with archival records
  - Perimeter barriers
  - Mantrap entries to all secure areas of the facility
  - Access controlled by multifactor authentication, including badge IDs and biometric scanners
  - Locked cages, and separate cages or private suites for those that require them
  - Cabinets with access control options
- 24x7x365 live security technician onsite for support and continual monitoring
#2: Every Colocation Provider’s Data Center Is Essentially the Same
There are plenty of colocation facilities that look like they are equipped with all of the latest security features, but the devil is in the details. Flashy marketing can distract from the facts that truly need to be considered when choosing a colocation provider.
Before being swayed by the appearances of a colocation facility, be prepared to ask the tough questions and demand to see the official audit reports before selecting a provider. Not all data centers are created the same.
The benefits of colocation, which range from scalability and enhanced security to increased efficiencies and cost savings, cannot be realized until you choose the right colocation provider. When screening colocation providers, it is important to look not only at their positive features but also at their potential sources of failure. Knowing the hazards that can compromise reliability could change your entire decision.
When touring different colocation facilities, ask, “what makes you different from the other providers?” Colocation is more than just racking and stacking equipment in a data center and adding a network connection. If your healthcare organization is not finding a world-class facility to protect critical ePHI, move on to the next.
Other things that differentiate a world-class colocation facility and provider from the rest are power and cooling. Make sure any colocation provider you are considering meets the required standard ranges for power, cooling, and humidity.
There are many other considerations that go into selecting a colocation facility. Things like budget, Service Level Agreements (SLAs), contracts, and other factors will play a pivotal role as well. Do not be persuaded by marketing fluff. Ask the hard questions. Check references, particularly from third-party auditors and from the provider’s customers who are like your organization and have been with the provider for a long time.
#3: Colocation Will Not Meet Our Compliance Requirements
The idea that a colocation facility cannot meet healthcare compliance requirements is false, and we would like to debunk that compliance and colocation myth. Nearly one-third (or 31 percent) of surveyed healthcare IT professionals are concerned with compliance when evaluating data storage and colocation services.
IT professionals are worried about migrating their servers into a colocation facility that may not provide the level of compliance and support required under HIPAA and by The Health Information Trust Alliance (HITRUST).
Thankfully, colocation providers can help alleviate these compliance burdens, as many providers specialize in specific regulatory and industry compliance standards. The right colocation provider can take the guesswork out of keeping businesses protected and facilitate any required audit activities.
HIPAA and HITRUST Compliant Colocation Facilities
It is becoming increasingly uneconomical for businesses to run their own data centers due to the growing need for considerations of HIPAA compliance in cloud storage, security, and IT infrastructure. The transition away from traditional, on-site data storage is fast approaching and businesses are looking for cloud storage partners that consider HIPAA in their control environment to help keep sensitive healthcare data secure.
LightEdge has successfully undergone a third-party examination against the HIPAA Security Rule and HITECH Breach Notification Requirements and has been issued a Type 1 attestation report from an independent CPA firm. This means our facilities have the HIPAA colocation requirements to keep your data HIPAA-compliant.
There are many inconsistencies and ambiguous details in the requirements for HIPAA compliance. The vague language and lack of guidance make it difficult to understand HIPAA’s “reasonable and appropriate” protections. HITRUST created the Common Security Framework (CSF) and incorporated best practices across several industries to create a meaningful, robust compliance framework for healthcare. By incorporating the requirements of HIPAA, PCI, ISO and NIST, the CSF creates a certifiable baseline that promises HIPAA compliance and effective security.
LightEdge is one of the few providers who have been HITRUST audited and certified. Very few hosting providers have gone through the demanding process of attaining the HITRUST CSF Certification. With LightEdge as your partner in compliant hosting solutions, you’ll be able to confidently state that you have the clarity, backing, and certification of HITRUST. Our Austin Data Center is HITRUST-Compliant to keep your data safe.
What to Look for in a Compliant Colocation Provider
Remaining compliant with healthcare standards is imperative when securing ePHI. Here are factors to look for in a compliant colocation provider:
- SSAE 18 SOC 1 Type II, SOC 2 Type II and SOC 3: The American Institute of Certified Public Accountants (AICPA) developed the System and Organization Controls (SOC) suite of reports to assess and address risks associated with outsourced processes and evaluate the controls in place at service organizations.
- ISO 20000-1 & ISO 27001: ISO 20000-1 is a significant competitive differentiator in the IT services industry. The process to become ISO 20000-1 certified includes a multi-stage audit in the first year, followed by annual surveillance reviews completed by an accredited certification body. The ISO/IEC 27001:2013 standard and its accompanying standard, ISO/IEC 27002:2013, contain 14 control objectives in addition to the management framework required to achieve certification.
- PCI DSS: PCI DSS is a set of security standards that were designed to encourage and enhance cardholder data security and facilitate consistent data security measures globally.
- HIPAA & HITECH: Control guidance based on the requirements of HIPAA and HITECH is essential to the healthcare industry. HIPAA establishes requirements for the use, disclosure, and safeguarding of ePHI.
#4: Colocation Cannot Provide Healthcare IT with the Performance Needed to Operate
Another high-ranking priority for healthcare IT professionals is performance. Healthcare organizations need to ensure performance and uptime to operate effectively, but the bigger problem is that outdated on-premises technology is holding many healthcare organizations back.
According to Spiceworks, nearly 70 percent of surveyed healthcare IT professionals reported that availability and bandwidth issues are a top pain point with their existing on-premises storage solutions. Almost half (46 percent) reported technical challenges of other kinds.
Unfortunately, cost and scalability constraints make onsite infrastructure upgrades unrealistic for many healthcare organizations. Colocation providers can offer a high-performance alternative, with 100 percent uptime SLAs to ensure data is available at all times, and access to network and cloud providers to help build out a hybrid IT solution.
What to Look for in a High-Performance Colocation Provider
When vetting different colocation providers, ensure they can check off the following performance items:
- Interconnected with an advanced network backbone to serve next-gen computing requirements
- Scalable from a single rack to 10,000-square-foot suites
- Redundant power and cooling, geographically diverse central offices, and multiple data network carrier access
- Best-in-class networking equipment, with partnerships with top providers to ensure the utmost in data center connectivity
LightEdge Busts all of your Healthcare Colocation Myths with Top Security and Compliance
LightEdge has HIPAA-secure data center locations at our Des Moines, Kansas City, Omaha, Austin and Raleigh data center facilities. With LightEdge, you can achieve auditable HIPAA compliance. With a specific background working with healthcare organizations, our data center and hosting solutions provide you with the confidence you need to meet HIPAA requirements.
LightEdge offers a free risk assessment from our compliance experts as an included resource to all of our customers. Compliance and security are top priorities to guarantee that your data is protected. While there is no certification for HIPAA, LightEdge has successfully undergone a third-party examination against the HIPAA Security Rule and has been issued a Type 1 AT 101 letter of attestation confirming our alignment with HIPAA safeguards. LightEdge is compliant with:
- ISO 27001
- ISO 20000-1
- SSAE 18 SOC 1 Type II, SOC 2 Type II and SOC 3
- PCI DSS 3.2
If you are interested in getting a risk-free assessment from our healthcare compliance experts, a tour of any of our HIPAA-compliant data centers, or learning more about LightEdge’s compliance offerings, contact us here. We have cloud hosting security and compliance experts standing by to answer any of your questions.
If you want to learn more about HIPAA compliance download our two e-books, Patient Privacy and Data Security: Utilizing IT Vendors to Meet HIPAA Compliance and Avoid, and How to Deploy a Secure Compliant Cloud for Healthcare.