HIPAA Vault’s Strategy to Lure Healthcare into the Cloud
By Gil Vidals, ,

Healthcare is one of the most difficult markets for cloud providers to crack. Under the U.S. government’s Health Insurance Portability and Accountability Act (HIPAA), security and confidentiality are critical issues. The large, well-known cloud providers have made few inroads into this market because they have been unwilling to invest the time and resources to reassure healthcare customers that the security is there.
HIPAA Vault is a little-known, privately-held cloud service provider that has carved out a highly successful niche giving healthcare organizations just what they need to feel confident in the cloud. The ride for HIPAA Vault has not always been smooth. Based in San Marcos, a suburb of San Diego in southern California, HIPAA Vault began life in 1997 as a hosting service provider. Founder and Chief Executive Officer Gil Vidals told The Daily Cloud that the company went through different iterations and growing pains until it found its current strategy. “We found that competition based on price alone gave us very low profits. So, we re-tooled our business, built on our knowledge of security and virtualization and found a niche – secure cloud hosting for companies that require HIPAA – compliant hosting.”

Today, HIPAA Vault helps customers maintain HIPAA compliance through rigorous security protocols and managed hosting solutions. HIPAA compliance is required by companies providing services that deal with electronic patient health information (e-PHI) and electronic medical records (EMR). EMRs can include a wide range of sensitive personal, financial, and medical information. HIPAA Vault invests in a broad range of technologies and techniques to deliver a highly secure infrastructure. “Methodologies used include offsite backups, two-factor authentication, log management, vulnerability assessment scanning, web application firewalls (WAF), anti-DDoS protection, network perimeter firewalls, and multi-tenant isolation,” Vidals explained. “In addition, HIPAA organizations should also ensure that their hosting provider maintains the following audits and certifications: SSAE 16 SOC 1 Type 2, SOC 2 Type 2, and SOC 3 Type 2.”

HIPAA Vault’ primary competitors are large cloud providers like Amazon Web Services (AMZN), Microsoft Azure (MSFT) and Rackspace (RAX). But these companies have shown little sign of focusing on the unique requirements of healthcare. “Most of our competitors have very broad scope,” Vidals said.
In addition to all the security, customer service is also a key element of HIPAA Vault’ appeal to customers. “We win customers with our technical support,” Vidals said. “We answer the phone when clients call, we include support at no additional cost in all of our plans and we do this at an affordable price. HIPAA clients tell us how important it is to have a higher level of service and we deliver on that with our products and service.”

A Business Associate Agreement (BAA) is often a critical stumbling block for cloud providers trying to get into healthcare. Most large cloud providers will not sign one, because it obligates the cloud provider to provide a financial guarantee for any penalties that result from breaches of HIPAA. “HIPAA Vault offers and signs BAAs with all of its HIPAA clients,” says Vidals. “This gives us a competitive edge as we back our service with a guarantee.” Currently, HIPAA Vault has about 5,000 customers and annual revenue in the single-digit millions, Vidals said.

One HIPAA Vault customer is eMedical Companion — a company that develops healthcare related IT products and services. Founded in 2011, eMedical Companion offers products that help healthcare providers and institutions improve the quality of patient care as well as patients with chronic diseases manage their diseases more effectively. Its products include software for Electronic Health Records, Assisted Living Software and Hospital Management Systems. Its customers are patients, physicians and other healthcare providers and institutions.

Shumeen Saleheen, President of eMedical Companion told The Daily Cloud, “HIPAA Vault works as our IT Team, otherwise we would need at least one Tech Ops Engineer to maintain our network and keep our servers running. HIPAA Vault provides us with advice about security issues and customer support. HIPAA Vault has helped us significantly over the past 3 to 4 years.”
For the future, Saleheen is excited about the company’s growth prospects and expects sales to accelerate. He said, “We are developing some unique healthcare related products and services that can be used by the patients, healthcare providers and institutions in USA and around the world. Though eMedical has only been in business for about four years, it has been growing by about 30% year on year and already has customers in 20 different countries.

In 2012, HIPAA Vault won a contract to provide secure hosting for a Department of Defense contractor. That launched the company’s entry into the government sector, another growth area for HIPAA Vault. According to Vidals, revenue grew by 100% in 2012 and 2013. Last year growth slowed down to 50%. He’s bullish on the outlook for this year, and is considering expanding into one or two more data centers, in addition to the two facilities he has now, in California and Arizona. He views healthcare as his primary target market for years to come. But he adds that healthcare organizations will continue to move slowly into the cloud: “As long as people are reading the headlines about security breaches in the cloud, companies will continue to be cautious.”
Melanie Grano | Daily Cloud Info