
{"id":1628,"date":"2011-10-19T00:00:00","date_gmt":"2011-10-19T00:00:00","guid":{"rendered":"http:\/\/otava.test\/hipaa-compliant-it-security-and-best-practices\/"},"modified":"2011-10-19T00:00:00","modified_gmt":"2011-10-19T00:00:00","slug":"hipaa-compliant-it-security-and-best-practices","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/","title":{"rendered":"HIPAA Compliant IT Security and Best Practices"},"content":{"rendered":"<p>If you collect, process, store or transmit protected health information (PHI), including medical records, you will need to be able to pass a HIPAA audit to meet HIPAA compliance. To meet security safeguards, certain technologies and procedures are recommended in the industry, even if not specifically outlined by HIPAA standards.<\/p>\n<p>The rules and regulations in the Code of Federal Regulations (CFR) that pertain to HIPAA dictate that Online Tech, as a business that deals with clients\u2019 PHI, must:<\/p>\n<ol>\n<li>Protect the availability, integrity and confidentiality of PHI<\/li>\n<li>Have Business Associate Agreements (BAAs) with clients who have PHI<\/li>\n<li>Report any violations of PHI misuse to the OCR (the Office of Civil Rights that audits, fines and charges companies and individuals for <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/hipaa-compliant-hosting\/resources\/what-is-a-hipaa-violation\">HIPAA violations<\/a>).<\/li>\n<\/ol>\n<p>We deploy all of the following <strong>technology<\/strong> internally that helped us pass our own HIPAA audit, and allows us to offer <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">HIPAA compliant hosting<\/a> solutions in our <a href=\"https:\/\/otavawebsite.wpengine.com\/operations\/locations\/michigan-cloud-and-data-centers\/\/compliance\/hipaa-compliant-data-centers\">HIPAA compliant data centers<\/a> (we also happen to offer and recommend these services to 
our clients that need to be HIPAA compliant):<\/p>\n<ul>\n<li>Private Firewall services (either a Virtual or Dedicated Firewall) with VPN for remote access<\/li>\n<li><a href=\"https:\/\/otavawebsite.wpengine.com\/reference\/managed-cloud-vs-public-cloud\/\">Managed Cloud Server<\/a> (good to ensure high availability and access to data and applications)<\/li>\n<li>Separate database and web servers for production<\/li>\n<li>Separate test server (it may host both web and database, but it is never the production server)<\/li>\n<li><a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/data-protection\/cloud-backup\/\">Offsite backup<\/a> at a minimum, although <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/data-protection\/disaster-recovery-as-a-service\">disaster recovery<\/a> is better<\/li>\n<li>SSL certificates and HTTPS for all web-based access to PHI (to ensure secure connections)<\/li>\n<li>Set up private IP addresses<\/li>\n<li>Encryption \u2013 best practice for PHI while it is stored in the database and especially while it is in transit. PHI should be encrypted to the NIST standard, <a href=\"https:\/\/csrc.nist.gov\/publications\/fips\/fips197\/fips-197.pdf\">Advanced Encryption Standard<\/a> (AES).<\/li>\n<\/ul>\n<p>HIPAA compliance is about more than just deploying the right technology; it\u2019s also about your own policies and procedures. 
What are some <strong>best practices<\/strong> your company should follow to meet HIPAA compliance?<\/p>\n<ul>\n<li>Documentation \u2013 write out data management, security, employee training and notification plans.<\/li>\n<li>Implement a password policy.<\/li>\n<li>Don\u2019t use public FTP (File Transfer Protocol) to move your files.<\/li>\n<li>Allow remote access only over a VPN.<\/li>\n<li>Implement login retry protection in your application.<\/li>\n<li>Document a tested and detailed disaster recovery plan to recover data in the event of a disaster.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>If you collect, process, store or transmit protected health information (PHI), including medical records, you will need to be able to pass a HIPAA audit to meet HIPAA compliance. To meet security safeguards, certain technologies and procedures are recommended in the industry, even if not specifically outlined by HIPAA standards. The rules and regulations in the Code of Federal Regulations (CFR) that pertain to HIPAA dictate that Online Tech, as a business that deals with clients\u2019 PHI, must: Protect the availability, integrity and confidentiality of PHI Have Business Associate Agreements (BAAs) with clients who have PHI Report any violations of PHI misuse to the OCR (the Office of Civil Rights that audits, fines and charges companies and individuals for HIPAA violations). 
We deploy all of the following technology internally that helped us pass our own HIPAA audit, and allows us to offer HIPAA compliant hosting solutions in our HIPAA compliant data centers (we also happen to offer and recommend these services to our clients that need to be HIPAA compliant): Private Firewall services (either a Virtual or Dedicated Firewall) with VPN for remote access Managed Cloud Server (good to ensure high availability and access to data and applications) Separate database&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1628","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head_json":{"title":"HIPAA Compliant IT Security and Best Practices | OTAVA","description":"If you collect, process, store or transmit protected health information (PHI), you will need to be able to pass a HIPAA audit to meet HIPAA compliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/","og_locale":"en_US","og_type":"article","og_title":"HIPAA Compliant IT Security and Best Practices","og_description":"If you collect, process, store or transmit protected health information (PHI), you will need to be able to pass a HIPAA audit to meet HIPAA compliance.","og_url":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/","og_site_name":"OTAVA","article_published_time":"2011-10-19T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"HIPAA Compliant IT Security and Best Practices","datePublished":"2011-10-19T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/"},"wordCount":378,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/","url":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/","name":"HIPAA Compliant IT Security and Best Practices | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2011-10-19T00:00:00+00:00","description":"If you collect, process, store or transmit protected health information (PHI), you will need to be able to pass a HIPAA audit to meet HIPAA compliance.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-it-security-and-best-practices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"HIPAA Compliant IT 
Security and Best Practices"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma 
Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1628"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1628\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1628"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}