LuxSci dedicated Web hosting services, in conjunction with a HIPAA compliant account, provide a HIPAA compliant infrastructure where you can host HIPAA compliant web sites.

HIPAA-compliant Web hosting provides:

  1. Dedicated - dedicated virtual private servers for enhanced security and flexibility.
  2. Forced Secure Connections - Your connections to FTP and MySQL (to manage your data) are forced to always be secure.
  3. Optional Web Site SSL - SSL for your web site so that, if you are transmitting ePHI, you can do that securely.
  4. MySQL - Storage of ePHI on our hosted MySQL databases is permitted and compliant.
  5. Reporting - Access and auditing reports of your access to our system and management of your web sites are available. Raw web site logs are also available for your analysis.
  6. Firewalls - Redundant hardware and software firewalls.
  7. Intrusion Protection - Our Intrusion Protection system alerts LuxSci staff to any issue on your server.
  8. HIPAA Infrastructure Requirements - LuxSci takes care of the HIPAA infrastructure requirements regarding media disposal, backups, restores, and related things for you.

Your Role in HIPAA Compliance

However, as with any HIPAA Web hosting solution where you have the ability to design your web site and upload your own scripts and programs, LuxSci provides a compliant environment and you are responsible for ensuring that the web site itself is designed and implemented in a secure and compliant fashion. This includes things like use of SSL when appropriate, access auditing and unique identity verification, and proper encryption of at-rest PHI. For further information on this, please read:

HIPAA Web Sites

If you require HIPAA compliance because ePHI may be transmitted through or stored in your web site, then you can get HIPAA Web Hosting as follows:

  1. Order LuxSci SecureForm service with HIPAA Compliance. Use this order link to get started.
  2. Compliance Lock Down — LuxSci automatically locks down your new account with all of the security restrictions required for a HIPAA compliant infrastructure.
  3. Business Associate — LuxSci co-signs its HIPAA Business Associate Agreement with you, as required by HIPAA Omnibus.

That's it — at this point you will set up your web site on our servers and ensure that you do this in a proper manner for compliance.

eBook — HIPAA-compliant Website Basics

What healthcare organizations need to know about HIPAA-compliant web sites

Book 2 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD
