03 Nov 2020

A HIPAA Compliant, Multi-Server Environment

By Stephen Trout

A HIPAA compliant environment is an essential part of protecting and preserving sensitive medical data in the face of increasing malicious attacks. HIPAA Vault’s multi-layered approach to managed security maximizes the protections and updates you need to keep your servers safe – essential for business processes and patient safety.

A multi-server approach segregates critical services and data, reducing the risk of a breach. This is crucial, particularly in light of a recent study which found that nearly a third of the healthcare databases surveyed were exposed to the internet, putting patient data at risk.

Your HIPAA compliant plan will therefore include a minimum of three servers: an isolated Web Server, a Web Application Firewall (WAF), and a Database Server. Our IT Security Specialists expertly configure your server network with layers of “protective armor” – including access controls, encryption, and customized 24/7 monitoring – to guard against malicious attacks.

System Security, Resource Utilization 

When handling protected health information (PHI), it is “best practice” to keep your database server separate from your web server. In this way, even if your public-facing web server were to be compromised, the database server would remain inaccessible to the attacker.

Having dedicated web and database servers is smart for multiple reasons: not only is security increased, but each server’s resources can be provisioned and optimized independently to handle specific tasks. For example, your database server will have more available processing power (CPU) for handling queries, resulting in faster, more efficient database performance. In the same way, CPU-intensive queries to your database won’t have a negative impact on requests to your website. (Additional web servers with customized load balancing are also available, as required.)
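The segregation described above only holds if the database server actually refuses connections from anywhere but the web tier. The following nftables ruleset for the database host is an added example, not HIPAA Vault’s own configuration; the addresses, interface name and port (a web server at 10.0.1.10, an administrative subnet 10.0.9.0/24, private interface eth1, PostgreSQL on 5432) are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Host firewall for the dedicated database server.
# Added example (not the provider's configuration). Assumed values:
#   10.0.1.10    = the web server, on the private network
#   10.0.9.0/24  = administrative (jump host) subnet
#   eth1         = private interface; 5432 = PostgreSQL
# Without a policy like this, a database bound to 0.0.0.0 is reachable from
# any host that can route to it, which is the "exposed to the internet"
# condition the study above describes.

flush ruleset

table inet db_host {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, plus loopback traffic
        ct state established,related accept
        iif "lo" accept
        ct state invalid drop

        # Database port: only from the web server, only on the private interface
        iifname "eth1" ip saddr 10.0.1.10 tcp dport 5432 accept

        # SSH: only from the admin subnet (least privilege for operators)
        iifname "eth1" ip saddr 10.0.9.0/24 tcp dport 22 accept

        # Everything else is logged (rate-limited) and falls through to the
        # drop policy; these log lines feed the 24/7 monitoring mentioned above
        limit rate 5/minute log prefix "db_host_drop: " level info
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f` and confirm with `nft list ruleset`. Pair the host firewall with the database’s own listen address set to the private interface rather than all interfaces, so segregation does not depend on a single control.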

Our 24/7 monitoring of resources and functionality also provides granularity: CPU, memory, disk and storage utilization, event logs, and more can all be observed and adjusted to maximize resources according to the particular parameters required. A more efficient use of resources translates into a more functional, cost-effective system, allowing us to pass the savings on to you. Server monitoring also allows real-time security configurations to be applied and vital security to be maintained, preserving data availability and integrity – key for HIPAA compliance.

Web Application Firewall (WAF), Encryption, and Access Control

Maintaining the integrity of your system and preserving system uptime is further aided by a specially configured Web Application Firewall (WAF) server. Through customized security policies, a WAF provides proactive detection and blocking that protect your web servers from common web application attacks, including SQL injection, buffer overflows, cross-site scripting, and file inclusion. In this way a WAF acts as a DMZ host, facilitating cloud-based server security in a multi-layered approach to protecting against vulnerabilities.

Malicious actors target your apps because they deliver the sensitive content your users require. A WAF can be configured to filter out unwanted or harmful requests (traffic) while “whitelisting” only those web servers and applications that need access. Attacks are logged, assessed, and then mitigated. In this way a WAF adds a significant layer of protection against the attacks that lead to costly breaches of data.

Conclusion

Separation of servers is just one important strategy with multiple advantages for a HIPAA compliant environment. As noted, encryption of data files adds yet another layer of security by making your data unreadable to anyone without an authorized encryption key. Finally, permissions to access the environment are carefully granted (using the “least privilege principle”) to only those who must handle PHI, which limits the potential for unauthorized activity.

Taken together, all of these critical measures add up to a multi-layered approach to security that works 24/7/365 to preserve your critical data and important business processes.

HIPAA Vault is the leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition to providing secure infrastructure and compliance for health companies, HIPAA Vault provides a full array of HIPAA compliant cloud solutions, including secure email, HIPAA compliant WordPress, secure file sharing, and more.
