{"id":1891,"date":"2012-04-26T00:00:00","date_gmt":"2012-04-26T00:00:00","guid":{"rendered":"http:\/\/otava.test\/the-impact-of-hitech-hipaa-on-data-centers\/"},"modified":"2012-04-26T00:00:00","modified_gmt":"2012-04-26T00:00:00","slug":"the-impact-of-hitech-hipaa-on-data-centers","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/","title":{"rendered":"The Impact of HITECH & HIPAA on Data Centers"},"content":{"rendered":"

\"HIPAA<\/a>Our HIPAA hosting<\/a> and HIPAA compliant data center white paper<\/a> provides a\u00a0description of a\u00a0HIPAA compliant data center<\/a>\u00a0IT architecture, contractual requirements, benefits\u00a0and risks of data center outsourcing, and vendor selection criteria. Section 2.0<\/strong> discusses the impact of HITECH and HIPAA on data centers:<\/p>\n

Protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI) is the essence of the HIPAA Security Rule1. Since data centers<\/a> typically store, transmit, or process ePHI, they must comply with the HITECH standards and citations to meet HIPAA compliance. The same risk analysis, administrative safeguards, physical safeguards, technical safeguards, and ongoing due diligence apply just as much in the data center as in a provider\u2019s facility.<\/p>\n

While there is some debate about the responsibilities of business associates for the protection of ePHI, all indications point toward business associates being held as responsible as covered entities. Consider the latest notice of proposed rulemaking that speaks to the extension of responsibilities from covered entities to business associates:<\/p>\n

As with the Privacy Rule, the Security Rule requires covered entities to have contracts or other arrangements in place with their business associates that provide satisfactory assurances that the business associates will appropriately safeguard the electronic\u00a0protected health information they receive, create, maintain, or transmit on behalf of the covered entities.<\/p><\/blockquote>\n

Moreover, both covered entities and business associates should bear in mind that prosecution by the Office of Civil Rights (OCR) under HITECH is not the only legal concern. The last year has witnessed an increase in state and consumer lawsuits against both covered entities and business associates. In January 2012, Minnesota Attorney General filed a lawsuit against Accretive Health, for failing to protect the confidentiality of over 23,000 patient healthcare records.<\/p>\n

\"HIPAA<\/p>\n

The safest and most diligent practice to protect ePHI is to ensure that the same policies, risk management, safeguards, and ongoing compliance governance standards are followed no matter where ePHI resides. This means that data centers, whether in-house or outsourced, need to fully embrace complete responsibility for ePHI.<\/p>\n

In the areas of administrative safeguards, such as ongoing HIPAA awareness and training for all employees, healthcare providers tend to be stronger. In the areas of technical safeguards and PHI availability,\u00a0professional data center companies that invest extensively in redundant facility infrastructure and security may be the safer bet.<\/p>\n

Ideally, either a healthcare provider would have infinite resources to build and maintain multiple, high-availability data centers or a data center hosting business associate would have a thorough understanding of HIPAA compliance including a HIPAA security risk analysis and management, policies, training of all employees, and ongoing HIPAA compliance audits. While both ideals exist, they are in the minority.<\/p>\n

In these cases, the weighing of the pros and cons falls back to the risk analysis and management to choose the best option that will maintain ePHI confidentiality, integrity, and availability.<\/p>\n

\"HIPAA<\/a><\/p>\n

Read more in our free HIPAA Compliant Data Centers white paper<\/a>\u00a0– download it today!<\/strong><\/p>\n

References:
\nHIPAA Security Series: Basics of Risk Analysis and Risk Management<\/a> (PDF)
\nU.S. Dept. of Health and Human Services, Federal Register Part II<\/a>
\nAttorney General Swanson Sues Accretive Health for Patient Privacy Violations<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Our HIPAA hosting and HIPAA compliant data center white paper provides a\u00a0description of a\u00a0HIPAA compliant data center\u00a0IT architecture, contractual requirements, benefits\u00a0and risks of data center outsourcing, and vendor selection criteria. Section 2.0 discusses the impact of HITECH and HIPAA on data centers: Protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI) is the essence of the HIPAA Security Rule1. Since data centers typically store, transmit, or process ePHI, they must comply with the HITECH standards and citations to meet HIPAA compliance. The same risk analysis, administrative safeguards, physical safeguards, technical safeguards, and ongoing due diligence apply just as much in the data center as in a provider\u2019s facility. While there is some debate about the responsibilities of business associates for the protection of ePHI, all indications point toward business associates being held as responsible as covered entities. Consider the latest notice of proposed rulemaking that speaks to the extension of responsibilities from covered entities to business associates: As with the Privacy Rule, the Security Rule requires covered entities to have contracts or other arrangements in place with their business associates that provide satisfactory assurances that the business associates will appropriately safeguard the electronic\u00a0protected health information they receive,…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1891","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nThe Impact of HITECH & HIPAA on Data Centers | OTAVA<\/title>\n<meta name=\"description\" content=\"Our white paper provides a\u00a0description of HIPAA compliant cloud data center\u00a0IT architecture requirements, benefits\u00a0and risks, and vendor selection criteria.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Impact of HITECH & HIPAA on Data Centers\" \/>\n<meta property=\"og:description\" content=\"Our white paper provides a\u00a0description of HIPAA compliant cloud data center\u00a0IT architecture requirements, benefits\u00a0and risks, and vendor selection criteria.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-04-26T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"The Impact of HITECH & HIPAA on Data Centers\",\"datePublished\":\"2012-04-26T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/\"},\"wordCount\":528,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/\",\"url\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/\",\"name\":\"The Impact of HITECH & HIPAA on Data Centers | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif\",\"datePublished\":\"2012-04-26T00:00:00+00:00\",\"description\":\"Our white paper provides a\u00a0description of HIPAA compliant cloud data center\u00a0IT architecture requirements, benefits\u00a0and risks, and vendor selection criteria.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Impact of HITECH & HIPAA on Data Centers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The Impact of HITECH & HIPAA on Data Centers | OTAVA","description":"Our white paper provides a\u00a0description of HIPAA compliant cloud data center\u00a0IT architecture requirements, benefits\u00a0and risks, and vendor selection criteria.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/","og_locale":"en_US","og_type":"article","og_title":"The Impact of HITECH & HIPAA on Data Centers","og_description":"Our white paper provides a\u00a0description of HIPAA compliant cloud data center\u00a0IT architecture requirements, benefits\u00a0and risks, and vendor selection criteria.","og_url":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/","og_site_name":"OTAVA","article_published_time":"2012-04-26T00:00:00+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"The Impact of HITECH & HIPAA on Data Centers","datePublished":"2012-04-26T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/"},"wordCount":528,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/","url":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/","name":"The Impact of HITECH & HIPAA on Data Centers | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif","datePublished":"2012-04-26T00:00:00+00:00","description":"Our white paper provides a\u00a0description of HIPAA compliant cloud data center\u00a0IT architecture requirements, benefits\u00a0and risks, and vendor selection criteria.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/the-impact-of-hitech-hipaa-on-data-centers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"The Impact of HITECH & HIPAA on Data Centers"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1891"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1891\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1891"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}