Hosting without a Specialist Analogy

Transcript

Alicia: Hello everybody, welcome back! My name is Alicia Kay, and here we have Gil Vidals, the CEO of HIPAA Vault. So last week we talked about why people should go with a specialist over Google or Amazon when hosting their private health information. You mentioned a great analogy about a house, and the specialist has to take care of all the things such as moving the lawn, moving in, all that stuff, so what does that relate to in terms of being a specialist, what are some of the things that you have to do?

Gil: Yeah, the analogy I think was a good one because when you move in a house and you’re all excited you’re thinking, aw this is going to be great, but then you realize, “But wait a minute, someone has to cut the lawn, someone has to clean the pool, someone has to do the maid service, clean the toilets and the insecticide”. I mean the work is on and on and on if you’re going to keep your house beautiful, right? So what I was talking about is the things that we have to do, as a specialist, are tedious and very important to meet federal regulations. So for example, we have to review, we have to run a vulnerability scan and really review it carefully. If we find a gap, a security weakness, we have to get together with engineers and decide how are we going to solve that problem? The other thing is, we have to keep logs of those that are accessing the systems for many many many years. To keep that much data, you have to structure the networking in such a way that you can keep that data. That’s another thing. And then backups, people forget you can’t just keep backups, you have to have an offsite copy that goes into another location. So the list goes on and on and on, these are things that someone who’s just excited to move in is just going to move in and they’re not going to do all the extra work.

Alicia: Yeah, they don’t realize how much, that seems very intimidating, all that work. Okay, awesome, is there anything else that you wanted to add on this topic?

Gil: Well, I would say that it’s not to discourage people from to do it on their own, they can, some people can try that as long as they have the security training and they’re willing to spend the time on it. Certainly, they can do it, but they’d have to have a team probably of at least a dozen people or bigger before they’re at that level. I would say if they’re just under 10, 15 people, they probably aren’t going to try that on their own.

Alicia: Wow, I didn’t realize it took that much work.

Gil: Yeah, it’s a lot of work.

Alicia: OKay, awesome, thank you so much.

Gil: You’re welcome.