Many businesses are now searching for the best HIPAA compliant hosting service. This article provides an overview of HIPAA compliance, outlines the requirements for a web host to obtain HIPAA certification status, and gives recommendations for key RFP items you should look for when selecting a provider.
HIPAA PROVIDers:
1. Atlantic.Net
Ease of Use
Pricing
Customer Support
Atlantic.Net Pros:
- HIPAA and HITECH compliant
- Simple and easy interface
- Windows and Linux hosting
Atlantic.Net Cons:
- Limited payment methods
Need to attain HIPAA compliance and secure your health and data records, but do not know where to start? With over 25 years of experience Atlantic.NET can help. Their cloud hosting solutions are designed to secure and protect critical healthcare medical records, backed by independently audited and certified world-class data center infrastructure and a business associate agreement.
Founded in 1994, Atlantic.Net is a leading web hosting company with data centers in San Francisco, Orlando, Dallas, Ashburn, Toronto, New York, and London. Atlantic.Net proudly serves over 15,000 businesses with a full range of award-winning cloud and managed services. The company has built a reputation for excellence, and its continuous desire to improve the quality of its services has allowed it to become SOC 2 TYPE II and SOC 3 TYPE II certified, HIPAA and HITECH audited.
Providing both managed solutions and unmanaged hosting solutions, all your HIPAA compliance hosting needs will be met with Atlantic.Net, backed by their 100% uptime guarantee covering flexible private, public and hybrid hosting environments.
To deliver a HIPAA compliant hosting solution, Atlantic.Net provides a firewall, encrypted VPN, offsite backups, multifactor authentication, private hosted environment, SSL certificates, SSAE 18 certificates, and business associate agreement (BAA). Prices start at $385 a month for a HIPAA compliant dedicated server, but you can also sign up for Atlantic.Net’s cloud hosting, which starts at just $8 a month.
Atlantic.Net can take care of your HIPAA requirements, so that you can focus on your core business. In fact, they’re so confident in their HIPAA hosting that they offer a Free IT Architecture Design and Free Assessment on Cloud Security Design coupled with a free to use server today for one full year!
Atlantic.Net checks all the HIPAA and HITECH audit boxes, has outstanding performance, excellent customer support, competitive pricing, and of course, you can’t beat free for one full year!
Atlantic.Net Pros:
- HIPAA and HITECH compliant
- Simple and easy interface
- Windows and Linux hosting
Atlantic.Net Cons:
- Limited payment methods
2. LiquidWeb
Ease of Use
Pricing
Customer Support
LiquidWeb Pros:
- High-quality managed hosting
- HIPAA compliant
- VPS and dedicated servers
LiquidWeb Cons:
- Expensive
- No shared hosting
Liquid Web is our favorite VPS hosting provider, offering blazing fast speeds with some of the best support in the business. They’re a leader in managed hosting services to SMBs and web professionals worldwide, and as of late 2017, Liquid Web announced their dedicated and cloud dedicated solutions are compliant with HIPAA (Health Insurance Portability and Accountability Act) guidelines.
This expansion into HIPAA compliant hosting offers affordable prices with 100 percent uptime guarantees, and customer support provided by trained professionals who understand everything there is to know about web hosting.
While many other web hosting providers merely claim to be HIPAA compliant without having anything to show for it, Liquid Web has completed a rigorous independent audit to prove that it really meets all HIPAA requirements.
Our continued focus on exceeding compliance expectations means our clients can be assured that we have the physical and technical safeguards in place and our processes, policies, and network security are all focused on protecting our customer’s data with the highest standards,” says Carrie Wheeler[3], Chief Operating Officer of Liquid Web.
Liquid Web customers can choose between two pre-configured HIPAA hosting plans: Single Server HIPAA Hosting and Multiple Server HIPAA Hosting. Single Server HIPAA Hosting includes a single dedicated server for web and database use, and it starts at $299. Multiple Server HIPAA Hosting includes one or more web servers with a separate database server, and it starts at $788.
If neither of the two pre-configured HIPAA hosting plans meet your web hosting criteria, you can get in touch with Liquid Web and let it help you pick the perfect hosting plan for your needs, from dedicated servers to cloud VPS hosting to managed WordPress. Liquid Web can even migrate your site, store, or application to its servers, making HIPAA compliant hosting as accessible as it can be.
Liquid Web has been around for more than 20 years, serving customers in over 130 countries and employing around 500 hosting professionals. The company’s bread and butter is simple self-managed hosting for businesses and organizations with mission-critical sites, stores, and applications. You would be hard-pressed to find any other hosting company that offers a 59-second support guarantee, 24 hours-a-day and 365 days a year, so its no wonder that Liquid Web is an industry leader in customer service.
LiquidWeb is characterized by its high-performance services and exceptional customer support, and it’s the ideal partner for all businesses and organizations with mission-critical sites, stores, and applications that can’t afford to ignore HIPAA compliance and must adhere to the stringent security and privacy regulations for handling Protected Health Information (PHI).
LiquidWeb Pros:
- High-quality managed hosting
- HIPAA compliant
- VPS and dedicated servers
LiquidWeb Cons:
- Expensive
- No shared hosting
3. AWS
Ease of Use
Pricing
Customer Support
AWS Pros:
- Choice of data centers
- Industry standard compliance
- Choice of managed services
AWS Cons:
- Billing is confusing
- No enterprise-grade support
Read our full review
Amazon Web Services (AWS) is an on-demand cloud computing platform that offers compute power, database storage, content delivery, and other functionality you would expect from a web hosting service. AWS is used by some of the largest companies in the world, including Netflix, Quora, NDTV, GoIbibo, Dropbox, and many others, so there’s no reason to doubt its reliability.
There’s also no reason to doubt its security because AWS aligns its HIPAA risk management program with FedRAMP and NIST 800-53, which are higher security standards that map to the HIPAA Security Rule. AWS signs a HIPAA business associate addendum (BAA) with its customers to ensure that AWS appropriately safeguards protected health information.
What we really like about AWS is its pay-as-you-go pricing approach. Instead of paying a fixed monthly fee regardless of how much resources you really use, AWS lets you pay only for the services you actually use and only for the amount of time you use them. Should you ever decide to completely stop using AWS, you won’t have to deal with any additional costs or termination fees, which is great if flexibility matters to you.
AWS Pros:
- Choice of data centers
- Industry standard compliance
- Choice of managed services
AWS Cons:
- Billing is confusing
- No enterprise-grade support
4. Rackspace
Ease of Use
Pricing
Customer Support
Rackspace Pros:
- Azure support
- Excellent customer support
- Simple migration
Rackspace Cons:
- Support tickets can take a while to answer
Read our full review
Rackspace is a trusted web hosting company that has been around since 1998, offering a comprehensive selection of digital services and solutions designed to meet the needs of all industries, including healthcare.
The company offers multiple cloud platforms to choose, including a multi-tenant public cloud with pay-as-you-grow scalability, single-tenant private cloud for maximum security, hybrid cloud that makes it possible to connect public clouds, private clouds, and traditional dedicated servers for individual applications, and multi-cloud that relies on cloud providers such as Amazon or Microsoft.
However, it doesn’t really matter which cloud platform you choose because Rackspace is all about flexibility and scalability. You can easily migrate to the cloud of your choice and rest assured knowing that the company’s signature Fanatical Support will guide you along the way.
Rackspace offers HIPAA-ready hosting solutions in its private cloud environment, which is HITRUST CSF-certified to guarantee that it complies with HIPAA. In addition to providing security and privacy standards for handling PHI, Rackspace specialists are ready to help businesses and organizations design a hosting approach that addresses their needs in the most cost-effective way.
Rackspace Pros:
- Azure support
- Excellent customer support
- Simple migration
Rackspace Cons:
- Support tickets can take a while to answer
5. Azure For Health Cloud
Ease of Use
Pricing
Customer Support
Azure Pros:
- High availability
- Scalable hosting
- Cost-effective
Azure Cons:
- Requires management
- Requires platform expertise
Read our full review
Azure is Microsoft’s cloud computing platform that provides software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). It was first released in 2010, and it has since then become a major AWS competitor, offering over 600 services encompassing everything from web hosting to storage to data management to messaging to machine learning and much more.
Just like AWS, Azure for Health Cloud lets you pay only for the resources you really use and cancel at any time without any additional costs or termination fees. If you’re migrating from a competing cloud computing platform, you will be pleased to know that Azure offers price matching on comparable services, allowing you to combine discounts and pricing offers to reduce your cloud costs. What’s more, you can try it for free for the first 30 days to see what it’s all about.
Azure has been audited by accredited independent auditors for the Microsoft ISO/IEC 27001 certification, which formally specifies the management system for information security, and the platform is also covered by FedRAMP assessments.
Last year, Microsoft released automation for HIPAA/HITRUST compliance to help companies and organizations build and launch compliant cloud-powered applications and services. Called the Azure Security and Compliance Blueprint, this unique turn-key solution provides excellent deployment efficiency, helping health organizations all over the world leverage the cloud to improve their outcomes.
Azure Pros:
- High availability
- Scalable hosting
- Cost-effective
Azure Cons:
- Requires management
- Requires platform expertise
6. Hostway|HOSTING’s Healthcare Cloud
Ease of Use
Pricing
Customer Support
Hostway Pros:
- Specifically designed for healthcare providers
- 100% audit assurance
- 24/7/365 monitoring
Hostway Cons:
- Expensive
Read our full review
There are many compelling cloud solutions today, but most of them leave at least one or two things to be desired. Hostway|HOSTING layers its managed services atop AWS and Azure cloud infrastructures to provide unparalleled support and visibility while achieving full PCI/DSS, HIPAA/HITECH, and SOC 2/3 compliance across every type of platform.
The Hostway|HOSTING Healthcare Cloud has been designed specifically to meet the needs of healthcare providers that want to streamline their decision-making, improve workflows, and promote data sharing across and beyond the healthcare industry.
Hostway|HOSTING employs a team of dedicated information security and cloud compliance experts who are certified to manage and monitor customers’ cloud hosting environments. Thanks to them, Hostway|HOSTING can offer 100 percent audit assurance, having successfully completed more than 400 customer security assessments.
Hostway|HOSTING has a very concise Business Associate Agreement (BAA) that clearly describes the company’s responsibilities when it comes to safeguarding protected health information. Prices start at $250 a month for the Explorer level of Hostway|HOSTING managed services, which includes 24 x 7 x 365 monitoring and support, pre-built monitoring dashboards, fully managed infrastructure, co-administration of OS, file system backup monitoring and management, firewall management, malware protection, and guaranteed availability, just to name a few features.
Hostway Pros:
- Specifically designed for healthcare providers
- 100% audit assurance
- 24/7/365 monitoring
Hostway Cons:
- Expensive
7. OVH
Ease of Use
Pricing
Customer Support
OVH Pros:
- Affordable plans
- Variety of services
- Energy efficient
OVH Cons:
- Hands-off approach to customer support
Read our full review
OVH is a great example of a family-founded company that has become incredibly successful by sticking to its core values and offering a customer-centric approach that so many other web hosting companies lack. At the time of writing this article, OVH has 27 data centers in 19 countries, and it uses them to host well over 300,000 servers.
The large portfolio of web hosting services by OVH includes bare metal servers, hosted private cloud, public cloud services, VPS servers, and even shared messaging and mailboxes. If you’re looking for HIPAA compliant hosting, OVH can deliver it via its vCloud Air hosted private cloud software-defined data center built on the latest generation of Intel hardware and the VMware technology stack. An independent third party examined vCloud Air against applicable controls of HIPAA, and it passed with flying colors.
OVH Pros:
- Affordable plans
- Variety of services
- Energy efficient
OVH Cons:
- Hands-off approach to customer support
8. Colocation America
Ease of Use
Pricing
Customer Support
Colocation America Pros:
- 100% uptime
- Plenty of data centers
- No setup fees
Colocation America Cons:
- Live chat offline most of the time
- No shared hosting
Read our full review
It’s very difficult to meet all HIPAA requirements and provide secure HIPAA compliant server hosting, which is why many web hosting companies don’t even attempt it—but not Colocation America. This reliable colocation hosting provider with data centers in Los Angeles was established in 2000 with a vision to deliver a trusted colocation hosting service at a competitive price.
To comply with HIPAA, Colocation America provides the following HIPAA data security measures: SSL certificates and HTTPS, AES encryption, virtual or dedicated private firewall services, remote VPN access, disaster recovery, and dedicated IP addresses. It also maintains redundant, isolated, and secure database and web servers with high connection speeds, 100 percent uptime guarantee, and unparalleled 24/7 customer support.
Colocation America Pros:
- 100% uptime
- Plenty of data centers
- No setup fees
Colocation America Cons:
- Live chat offline most of the time
- No shared hosting
9. Armor (Firehost)
Ease of Use
Pricing
Customer Support
Armor Pros:
- 99.99% uptime SLA
- SSD storage
- Plenty of security options
Armor Cons:
- Limited to cloud hosting
Read our full review
Armor is a cloud security company that also provides secure hosting services that make it easy to meet HIPAA/HITRUST, PCI DSS, and GDPR cloud compliance requirements. The company was founded in 2009 as Firehost, starting as the first Totally Secure cloud company. In 2015, Firehost became Armor, and the same year also saw the release of Armor’s managed security solution for all hosting environments, called Armor Anywhere.
To simplify HIPAA compliance, Armor offers a broad range of Health Information Trust Alliance Common Security Framework (HITRUST CSF) certified solutions and provides 24/7/365 hands-on support. You can get in touch with Armor via phone numbers or online chat and ticketing service, and the company also maintains an active social media presence, posting service updates and announcing new features.
Armor Pros:
- 99.99% uptime SLA
- SSD storage
- Plenty of security options
Armor Cons:
- Limited to cloud hosting
10. Truevault
Ease of Use
Pricing
Customer Support
TrueVault Pros:
- Extremely secure
- Demo available
- Variety of plans
TrueVault Cons:
- Implementation can be difficult
Read our full review
Think of Truevault as an online safe for personally identifiable information. This HIPAA, GDPR, and CCPA-compliant cloud hosting solution provides a secure application programming interface (API) that allows healthcare providers and everyone else who needs to meet HIPAA Physical and Technical Safeguards and GDPR data requirements with a secure way how to store personally identifiable information.
The best way how to get started with Truevault is to request a demo or talk to the company’s technical sales team. Truevault offers three plans that cover startups, medium and large businesses, as well as global enterprises. To help you implement its solution, Truevault organizes implementation workshops, which are basically 1-on-1 video calls with platform architects.
TrueVault Pros:
- Extremely secure
- Demo available
- Variety of plans
TrueVault Cons:
- Implementation can be difficult
11. HIPAA Vault (formerly VMRacks)
Ease of Use
Pricing
Customer Support
HIPAA Vault Pros:
- Ideal for startups and enterprises
- Quick response times
- Flat rate hosting
HIPAA Vault Cons:
- Lowest prices require minimum 12-month contract
Read our full review
HIPAA Vault (formerly VMRacks) offers managed HIPAA compliant cloud solutions to simplify HIPAA compliance. The company launched in 1997 with the mission of providing world-class customer-service, impeccable technical support, and affordable data security. Today, HIPAA Vault proudly serves large enterprise-level clients such as Deloitte, but its services are ideal even for startups.
The cheapest HIPAA hosting plan from HIPAA Vault costs $349 a month, and it includes 50 GB of disk space, 11 GB of RAM, 3 TB of bandwidth, and 3 CPU cores. A tier above it is the company’s $499 a month plan, which includes 500 GB of disk space, 15 GB of RAM, 3 TB of bandwidth, and 4 cores. HIPAA Vault also offers HIPAA compliant managed WordPress hosting, FTP hosting, email, and file vault. These
HIPAA Vault Pros:
- Ideal for startups and enterprises
- Quick response times
- Flat rate hosting
HIPAA Vault Cons:
- Lowest prices require minimum 12-month contract
12. Connectria
Ease of Use
Pricing
Customer Support
Connectria Pros:
- 99.99% uptime
- Outstanding customer support
- Wide range of technologies
Connectria Cons:
- No pricing plans
- No shared web hosting
Read our full review
For customers in the healthcare industry or anyone who must comply with the HIPAA or HITECH Act security standards, Connectria offers HIPAA compliant hosting solutions that include both its own compliant clouds as well as leading public clouds such as AWS and Azure. Connectria has been independently audited, and the company gladly enters into a Business Associate Agreement (BAA) with all of its customers.
The story of Connectria started over 20 years ago, and the company has since then managed to empower customers around the world with its industry-leading hosting solutions, exceptional 24×7 support, and 100 percent satisfaction guarantee. If you would like to learn more about its services, we recommend you contact Connectria directly using the contact form on its website.
Connectria Pros:
- 99.99% uptime
- Outstanding customer support
- Wide range of technologies
Connectria Cons:
- No pricing plans
- No shared web hosting
13. LightEdge
Ease of Use
Pricing
Customer Support
LightEdge Pros:
- OnRamp feature
- Easy to use
- Good value for money
LightEdge Cons:
- OnRamp can be restrictive
Read our full review
With its recent acquisition of OnRamp, LightEdge has become the leader in compliant cloud solutions. The company provides the flexibility, security, and control needed to meet HIPAA’s stringent compliance requirements by offering a full stack of best-in-class IT services built on top of its purpose-built data centers and industry-leading infrastructure.
LightEdge’s compliance and security process includes risk assessment, security controls, security policies, managed security solutions, and security audit support. Prices are available upon request, and you can get in touch with the company by filling out its contact form or giving it a call at (515) 471-1000.
LightEdge Pros:
- Free SSL certificate
- Recommended by WordPress
- 100% uptime
LightEdge Cons:
- Only 50GB storage on lowest plan
14. Datica
Ease of Use
Pricing
Customer Support
Datica Pros:
- Wide range of services
- Compliant-hosted platform
- Good customer support
Datica Cons:
- Expensive
Read our full review
Previously known as Catalyze, Datica brings healthcare to the cloud by offering a whole family of powerful solutions that include Cloud Compliance Management System, Compliant Managed Integration, Compliant Kubernetes Service, and Compliant Platform as a Service.
Together, the different parts of the Datica family of services help companies and organizations build and deploy digital health applications on a compliant hosted platform that removes the stress and frustration of complex healthcare data integration problems. You can ask Datica representatives to reach out to you to answer your questions and give you pricing, which is also a great way how to experience the dedication and expertise of the company’s customer support staff.
Datica Pros:
- Wide range of services
- Compliant-hosted platform
- Good customer support
Datica Cons:
- Expensive
15. Aptible
Ease of Use
Pricing
Customer Support
Aptible Pros:
- Automated compliance management
- Flexible control for users
- Customizable plans
Aptible Cons:
- No fixed pricing can be confusing
Read our full review
Aptible describes itself as a secure, private cloud deployment platform that’s built from the ground up to automate HIPAA compliance. Essentially, Aptible helps companies and organizations pass information security audits by offering a framework-agnostic container hosting platform that can be easily used to launch a new app or migrate an existing project.
Unlike many other compliance tools, Enclave doesn’t limit developer access to critical resources and security, allowing companies and organizations to maintain the agility they need to remain competitive. No fixed pricing plans are available because Aptible offers fully customized plans to all of its customers to meet their requirements without any compromises.
Aptible Pros:
- Automated compliance management
- Flexible control for users
- Customizable plans
Aptible Cons:
- No fixed pricing can be confusing
16. INAP (SingleHop)
Ease of Use
Pricing
Support
INAP Pros:
- Global coverage
- Tier 3 data centers
- Multiple industry certifications
INAP Cons:
- Chatbot-based live chat
Read our full review
In Q1 of 2018, Internap Corporation (INAP) acquired SingleHop LLC for $132 million in cash.
The integration of SingleHop into INAP has taken some time, but in early 2019 the transition was completed, as the SingleHop website, login portals, and admin are now assimilated into INAP.
About INAP
INAP was founded in 1996 in Seattle, Washington. The company went public in 1999 with their IPO (NASDAQ: INAP). They are now headquartered in Reston, Virginia.
Since going public INAP has been expanding through an acquisition strategy. Listed in chronological order are INAP’s aquisitions:
- 2000 – CO Space, Inc – datacenter services (the majority of the company’s current revenues)
- 2000 – VPNX.com – managed VPN service provider
- 2007 – VitalStream Holdings, Inc. – content delivery service
- 2012 – Voxel Holdings, Inc. – enterprise cloud hosting and cloud services
- 2013 – iWeb – web hosting
- 2018 – SingleHop – IT hosting company
Today, INAP provides performance-driven data center and cloud solutions for their clients, who range from fortune 500 companies to tech startups.
About SingleHop
SingleHop was headquartered in Chicago, with data centers in the United States and Europe. It provided managed hosting to more than 4,000 clients in 114 countries and also offered dedicated and cloud hosting. The company was founded in 2006 by Zak Boca and Dan Ushman. SingleHop was a leading provider of HIPAA compliant web hosting, offering comprehensive managed hosting solutions via its powerful automation platform backed by certified technicians and a comprehensive Business Associate Agreement (BAA).
SingleHop was a longstanding company on our top HIPAA compliant web host list, making it onto this recommended list for several years running. SingeHop’s had an excellent BAA for all HIPAA-compliant environments, which covered the entire infrastructure and evenly distributed the liability. Part of the BAA included audit trails and comprehensive reporting on any security incidents.
Another reason we liked SingleHop was their partnership with AlertLogic™, a compliance leader. Their security compliance services integrated into your platform, auditing for compliance across PCI DSS, GDPR, HIPAA, SOC 2 and SOX requirements. The marriage was made perfect by integrating hosting and managed services to cover both the operational side of the network infrastructure and the regulatory expertise.
Perhaps our favorite features of SingleHop was that all new clients could schedule a free, 30-minute HIPAA compliance review to find out how much they would have to pay if they decided to go with SingleHop’s HIPAA compliant hosting. The call was not purely sales but was led by SingleHop technicians who had a deep understanding of what goes into creating HIPAA compliant environments and how to follow all the requirements and best practices that go into preventing access to electronic protected health data. We hope IMAP restores this feature if-and-when they re-launch a dedicated HIPAA compliant hosting offering.
Unfortunately, however, INAP doesn’t place the priority on HIPAA compliance and HITEC certification that SingleHop did, at least currently. We will closely monitor the INAP offering and audit their HIPAA compliant hosting package if-and-when they re-release the original SingleHop platform. But for now, post-acquisition and platform absorption, we have moved INAP (SingleHop) to the last spot on our top recommended HIPAA compliant web hosts, pending future updates.
INAP Pros:
- Global coverage
- Tier 3 data centers
- Multiple industry certifications
INAP Cons:
- Chatbot-based live chat