Artboard
Ottomatic Cloud ConsoleOttoFMS Docs

Hosting

HIPAA Hosting

Ottomatic HIPAA Hosting

While databases are not inherently HIPAA-compliant, cloud hosting providers can deliver the cloud services and database management services required to make compliance easy. HIPAA legislation requires organizations to implement the following to ensure compliance:

  • Access control

  • Data encryption

  • Audit logging

  • User authentication

  • Data backups and disaster recovery

  • Business Associate Agreements (BAA)

To maintain a HIPAA-compliant server, you must follow a distinct set of guidelines. You should:

  • Fully encrypt your data at rest and in transit

  • Harden the operating system and close any not used ports

  • Enforce unique user authentication and multi-factor authentication

  • Maintain audit logs

  • Perform regular, fully encrypted server backups

  • Assign appropriate user roles and privileges

  • Perform vulnerability scans regularly to ensure no gaps are missed

  • Utilize anti-malware, file scanners, network scanners for ongoing HIPAA compliance monitoring to ensure no breaches occur

Sensitive data can be stored using HIPAA-compliant cloud services if the necessary technical safeguards are met by the HIPAA-compliant hosting provider, such as having encryption enabled, a signed BAA in place, and access controls for HIPAA-compliant data centers and infrastructure.

Instance typesCloud Console