HIPAA-compliant Secure Hosting

HIPAA Compliance

WordPress, CMS—LAMP Stack

  • Solid, reliable technology for popular platforms: WordPress, Joomla, Drupal, and others
  • Linux: CentOS
  • Apache v2.4.x
  • MySQL (actually MariaDB) v5.5.x or 10.2.x
  • PHP v7.3.x (and Perl and Python)
  • Optimized for speed! Get 4+ GB RAM on your server

SSL/TLS Transport Encryption

Multiple Firewalls

  • Hardware or network firewall
  • On-server software firewall
  • Web-based software firewall management tools
  • Account-specific access control tools
  • Server monitoring integrated with the firewall
  • Optional: CloudFlare

VPN: Virtual Private Network

  • Connect yourself to LuxSci over a direct VPN
  • Secure MySQL and other client-server connections
  • Lock down management of your critical infrastructure
  • Discover: VPN Access

Enterprise Class Servers

  • Is maximum reliability critical for you?
  • Dedicated, encrypted SAN storage
  • Dedicated hypervisor cluster
  • VMWare vMotion keeps you up when hardware fails
  • Optional: Physical hardware, dedicated firewalls and load balancers

Compare Plans

LuxSci provides Secure Hosting solutions on dedicated Linux servers.

Feature Dedicated Custom Enterprise
Security & privacy
For custom enterprise environments, you get to choose the security features that you want included.
Performance & reliability
For dedicated servers, you get to size the server to match your performance requirements. For custom enterprise environments, you get to choose the reliability features that you want included.
Server type
Business Class Enterprise/Custom
HIPAA Compliance Available?
USA or Custom Texas, USA

*Business Class dedicated servers can be provisioned in RackSpace and Amazon data centers around the world if requested by the customer. There may be an additional setup fee for a non-standard location.

Maximum Disk Space
2 TB unlimited
Full-disk Encryption
Multiple layers of firewalls

Enterprise class servers and Business Class servers at RackSpace enjoy software firewalls and redundant HA hardware firewalls.

Business Class servers at Amazon enjoy software firewalls and AWS Security Group logical network firewalls.

Backups included?
Standard backups of your server data are included. These include 7 daily on-site backups and 4 weekly off-site backups.
Custom backup/retention schedules?
Dedicated server customers can choose custom backup frequencies and retention schedules; this may come with an additional cost. Contact sales for more information.
Account isolation: No other LuxSci customers have access to your server. No shared servers.
In a shared solution, many 100s or 1000s of separate customers share the same server. Security relies on logical and software partitioning of access and resources. Shared solutions are inherently less secure, have less consistent performance, but are less expensive. Dedicated servers are recommended for when security and consistent performance are important. Only dedicated servers are available for web hosting customers.
Server isolation: All servers running on the same hardware belong to LuxSci. No public cloud servers.
In the Business Class environment, your server is in a Public Cloud. This means that other servers running on the same underlying hardware (hypervisor) may be owned by organizations unrelated to LuxSci. This provides some security risk compared to use of LuxSci's Private Cloud Enterprise Class environment, where LuxSci owns the underlying hardware and is in control of all servers running on it. Additionally, the Business Class environment may have less consistent performance due to the possibility of "noisy neighbor" servers outside of LuxSci's control.
Ultra-reliable: proof against hardware failure
Enterprise Class servers are virtual machines that run on a redundant VMWare cluster. If one of the underlying hypervisors should have a hardware issue, all servers running on it are immediately rebooted on another hypervisor, limiting potential downtime to seconds.

Choose Enterprise Class when server uptime is a very high priority.

Multiple servers/server clusters
Starting Price
Order Contact

Custom Enterprise Solutions

Custom large-scale solutions

Custom solutions can be tailored for very large numbers of web sites, amounts of web traffic, high availability, high security, and business continuity. They can include:

  • Redundant high-availability dedicated hardware firewalls
  • Redundant high-availability dedicated load balancers
  • Network-based intrusion detection systems
  • DDOS Protection up to 100 Gbps
  • Redundant, load-balanced outbound email sending servers
  • Redundant, load-balanced web/application servers
  • Dedicated databases with replication and failover
  • System isolation and capacity scaling
  • Encrypted SAN storage arrays
  • Database replication
  • An additional disaster recovery footprint in a different data center

If a custom solution might be right for you, talk to a LuxSci Expert.

Server Options

LuxSci offers standard levels of dedicated servers in both the Business and Enterprise Classes. You can choose the one right for your size, needs, and budget. You can upgrade/downgrade these servers with little effort and little downtime. You can combine multiple servers to create custom high-availability solutions.

Business Class Server Options

Amazon Web Services Public Cloud

Server Type | CPU | RAM | Max Network Speed | Disk Included | Bandwidth Included
Medium | 2 Cores | 4 GB | 250 Mbps | 100 GB | 600 GB/mo
Large | 2 Cores | 8 GB | 400 Mbps | 100 GB | 800 GB/mo
X-Large | 4 Cores | 16 GB | 700 Mbps | 100 GB | 1 TB/mo
2X-Large | 8 Cores | 32 GB | 1 Gbps | 100 GB | 1.2 TB/mo
4X-Large | 16 Cores | 64 GB | 1 Gbps | 100 GB | 1.2 TB/mo

Enterprise Class Server Options

Private VMWare Cluster and SAN at RackSpace

Server Type | CPU | RAM | Max Network Speed | Disk Included | Bandwidth Included
Medium-1C | 1 Core | 5 GB | 1 Gbps | 50 GB | 10 TB/mo
Large | 2 Cores | 8 GB | 1 Gbps | 100 GB | 10 TB/mo
X-Large | 4 Cores | 16 GB | 1 Gbps | 100 GB | 10 TB/mo
2X-Large | 8 Cores | 32 GB | 1 Gbps | 100 GB | 10 TB/mo

Other server sizes (e.g., very large memory), physical servers and clusters, dedicated firewalls and other hardware are available. Additional disk space is an upgrade. Contact sales for details.

Choosing Your Server's Size

What server size is best for you? You can use the table below to see what works for particular needs. If you want to do multiple things (e.g., 50 power email users plus a low traffic web site), we recommend going up to the next size, as the "minimum" recommended for just one of these may have degraded performance when you do two or more. If you just want better performance or room to grow quickly and easily, choose a larger size. We can also re-size your server later if you need more power.

Note: Any database-driven web site must be on a server with at least 2 GB of memory. Web sites built on a CMS such as WordPress, Joomla, Drupal, etc., should be on a server with at least 4 GB of memory, as these systems are memory hogs and can perform poorly on small servers. A "Micro" just does not have enough memory.

Recommended Size for secure web hosting

  2+ GB Ram 4+ GB Ram 2+ Cores 4+ Cores
Anti-virus scanning
Very low traffic/static
CMS: WordPress, Joomla, Drupal, etc.
Moderate traffic
Low traffic and compute intensive
Moderate traffic and compute intensive
High traffic

"I originally came to LuxSci for email hosting, and started a simple web page which turned from a joke to a public craze of visitors almost overnight! I was able to upgrade bandwidth and disk space without having to call someone or wait 2-3 business days for my changes to take effect. I've tried free web hosts and expensive web hosts (over $250 a month) that still don't allow instant upgrades and changes to users' accounts. I've never had comparable service to LuxSci either! These guys never sleep!"

Aaron Tucker, Oooers

FAQs: Perhaps you were wondering...?

No. LuxSci provides managed Linux-based dedicated servers for web hosting.

Yes. It is common for customers to run WordPress on LuxSci servers. Note that you do need to choose a server with a minimum of 2 GB of RAM to run WordPress, or any other database-driven CMS. 4 GB servers will have great performance.

LuxSci does not currently provide a WordPress migration service. We will install a fresh version of WordPress for you. We would suggest that you have your web designer (i.e. the one in charge of designing and maintaining your current WordPress site) assist you in any migrations. S/he may find the WordPress Duplicator plugin very useful for quickly migrating WordPress sites between providers.

Yes, LuxSci will provide non-root SSH access to your server. This is granted only upon request, for security reasons. You can make this request via a Support Ticket.

LuxSci web hosting is a managed service. For security reasons, we do not grant root or sudo-root access to customers.

While you can not edit this file directly, LuxSci support can make requested modifications to it upon request. These modifications are first vetted to ensure that they do not hurt your server's security level.

LuxSci provides custom web site and database management tools (not cPanel) for this purpose. LuxSci also provides a server management tool where you can edit your iptables firewall and view current and historical reports on CPU, RAM, and Disk usage.

Enterprise Class servers have their data stored on a private SAN where all disk partitions are always encrypted. Regular AWS-based Business Class servers also use full-disk encryption. Old-style (RackSpace-based) Business Class servers can not have their main operating system disk encrypted; however, if you purchase additional disks and request it, these additional disks can be encrypted and all of your data can be stored on them. See: Enterprise vs Business Class.

Yes. See Standard Backups. We can also set up custom backup and retention schedules for you.

Yes. You would submit your cron job to support for review and they would configure it for you on your server.

LuxSci will review each request for custom software installation and determine if it will be permitted. For things that you can download yourself, build yourself, and install in your own directory tree -- you are welcome to do that. For things that need to be installed server-wide, these will need to be approved by operations and then installed by operations. Things that require manual installations (i.e., which are not in the standard CentOS YUM repositories) may incur a consulting fee to install. If you want to be sure about specific packages, please inquire.

NOTE: LuxSci does not support and will not install: nginx, Node.js, PostgreSQL, Java servlets, .NET, MongoDB, and Ruby on Rails. Our web hosting platform is strictly a CentOS Linux-based Apache, MySQL/MariaDB (including NoSQL), PHP/Perl/CGI system.

Other questions? Call Sales

Dedicated, managed Linux Web hosting

Unfortunately, unsecured web servers are intriguing and accessible to determined hackers. So when it comes to managing the large amounts of traffic your site receives, you must make security a top priority. LuxSci's dedicated web site hosting ensures the protection of your online presence with maximized security and capacity. A dedicated server provides space and resources just for you, as opposed to the watering hole of a traditional shared server.

In addition to increased privacy, dedicated web site hosting also offers increased security. For instance, if another user's server is attacked or hacked, you're much less likely to experience collateral damage. Increased reliability arises from the fact that you don't have to share memory, CPU, network, disk space, or other resources. And dedicated servers are best for accounts that need large amounts of storage or other resources. Does this sound like the type of infrastructure that's right for your business?

HIPAA-compliant Web Sites

LuxSci dedicated secure web hosting services, in conjunction with a HIPAA-compliant account, provide a HIPAA-compliant infrastructure where you can host HIPAA-compliant web sites.

HIPAA-compliant web hosting provides:

  1. Dedicated - dedicated virtual private servers for enhanced security and flexibility.
  2. Forced Secure Connections - Your connections to FTP and MySQL (to manage your data) are forced to always be secure.
  3. Web Site SSL/TLS Support - SSL for your web site so that, if you are transmitting ePHI, you can do that securely. This includes NIST-recommended ciphers, HSTS support, SNI, and more.
  4. Databases - Storage of ePHI on our hosted databases is permitted and compliant.
  5. Reporting - Access and auditing reports of your access to our system and management of your web sites are available. Raw web site logs are also available for your analysis.
  6. Firewalls - Multiple levels of firewalls included with all servers.
  7. Intrusion Protection - Our Intrusion Protection system alerts LuxSci staff to any issue on your server.
  8. HIPAA Infrastructure Requirements - LuxSci takes care of the HIPAA infrastructure requirements regarding media disposal, backups, restores, and related things for you.
  9. Business Associate Agreement

Does the nature of your business call for HIPAA compliance? LuxSci's dedicated web hosting servers provide a HIPAA-compliant web infrastructure where you can host HIPAA web sites. The isolated nature of the dedicated server provides enhanced security against hackers and greater flexibility. You can use TLS to ensure a secure connection between your website and its visitors. We also offer auditing reports for your web sites and your access to our system. With highly secure redundant firewalls and our intrusion protection system, you can rest assured that if there is an issue on your server, we will be alerted.

LuxSci's dedicated HIPAA-compliant web hosting services provide you with your own protected island on the web. You have the ability to host and share information on a secure and isolated platform. Be sure to check out our dedicated server package and to look into our helpful HIPAA-compliant information to make sure you're always protected.

Your Role in HIPAA Compliance

Like any HIPAA web hosting solution where you have the ability to design your web site and upload your own scripts and programs, LuxSci provides a compliant environment and you are responsible for ensuring that your web site is designed and implemented in a secure and compliant fashion. This includes proper use of TLS when appropriate, access auditing and unique identity verification for visitors to your web site that access ePHI, proper encryption of ePHI at-rest, etc. For further information, please see the following documents.

Learn more

eBook: HIPAA-compliant Website Basics

What healthcare organizations need to know about HIPAA-compliant web sites

Book 2 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook