Protect Sensitive Patient Information with HIPAA Vault
By Gil Vidals, HIPAA Blog

Healthcare organizations face somewhat of a double whammy when it comes to digital security. Not only do they have to protect their businesses from ever-growing threats — including sophisticated phishing schemes, DDoS attacks, and ransomware — but they must do so in compliance with strict government regulations.

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted in the U.S. by President Bill Clinton to protect sensitive patient data within the healthcare system. At the end of the Great Recession, as part of the American Recovery and Reinvestment Act of 2009 (ARRA), the Health Information Technology for Economic and Clinical Health Act (HITECH) was signed into law by President Obama.

HITECH served to bolster HIPAA through a nationwide network for electronic health records while extending the legislation to business associates that handle or disclose personal health records. In addition, both HIPAA and HITECH introduced steep financial penalties for violations based on perceived negligence, with a maximum penalty of $1.5 million per year for violations of an identical provision.

Needless to say, between fines and reputational damage, these violations have the potential to destroy a business — making it essential to partner with a trusted technology provider. With that in mind, it’s no coincidence that HIPAA Vault entered the HIPAA-compliant hosting space after years of building customer trust.

The company’s Founder and CEO, Gil Vidals, got into the hosting business in 1997 with a focus on offering affordable solutions backed by stellar support. But it wasn’t until 2010 — a year after the introduction of HITECH — that he found his niche in HIPAA compliance.

“A client of mine called and said, ‘We have medical data, and we need to comply with HIPAA regulations,’” Gil told us. “He said, ‘We like the way you handle business, and we trust you to learn what you need to do to keep our data safe.’”

Gil did just that — and word traveled quickly. Today, HIPAA Vault is devoted to helping practitioners, developers, and enterprises safeguard their private medical data. The company’s HIPAA-compliant cloud services protect healthcare organizations from compliance violations and costly penalties. In addition, through a hands-on customer service approach, HIPAA Vault serves as an extension of a company’s staff, rather than simply a vendor.

Safeguard Your Private Medical Data from Costly Exposure

It can be hard not to feel like all news is bad news when you’re scrolling through your media feed — and even more so when you’re reading about tech. The story is almost always the same: Another day, another breach.

“It makes people sick to their stomachs, and that’s why trust is so important,” Gil said. “Business leaders want to sleep at night knowing that their sensitive medical data is protected rather than lying awake in fear of being sued.”

If the company’s 22 years in the business serve as an indication of its reliability, it seems to be successful in that regard — especially when you consider that an estimated 50% of companies fail within the first five years and about 70% fail within 10 years. Gil believes HIPAA Vault was able to overcome those odds through hard work, persistence, and just a little bit of anxiety-driven motivation.

“It’s very challenging to thrive in such a competitive industry,” he said. “I like to follow the advice offered by Founder and Former CEO of Intel Andrew Grove in his book, ‘Only the Paranoid Survive’ — we have to wake up every day and consider what we have to do to remain in business. Considering our longevity, it’s clear that we’re a little paranoid, and that’s a good trade.”

The company also takes a considered approach to the latest trends. Gil said it’s easy to be lured by flashy new technology at the cost of your overall mission. “There has to be a balance between refining the tools that allow us to host medical data and straying too far from our wheelhouse and what has made us successful,” he said.

World-Class Solutions for Practitioners, Developers, and Enterprises

HIPAA Vault offers a range of cloud solutions tailored to the various parties that fall under the HIPAA compliance umbrella. The company serves single practitioners and medical offices through affordable and compliant cloud solutions; partners with developers, agencies, and IT professionals by providing solutions for their teams and clients; and offers advanced hosting environments supporting custom enterprise-grade deployments.

Gil said the company’s main differentiator is its ability to resolve 90% of issues within a single support request while going above and beyond the call of duty. “There’s a lot of fear among my colleagues in the industry to help at the application layer,” he said. “But you have to consider what happens when the phone rings and the customer says, ‘Look, man, it’s just slow. I don’t know what’s happening, but it must be the hosting provider.’”

That’s when HIPAA Vault digs in deep, reviewing logs, databases, and programs to discover the source of the problem — even if it’s not related to the service HIPAA Vault provides.

“When companies draw a hard line and refuse to go past the infrastructure, then that just frustrates the client,” Gil said. “They want a solution. Yes, it takes up your engineer’s time, but if you don’t provide one, you’ll be blamed anyway and lose them to the next provider.”

The company is also careful not to fall into the trap of overselling products to its customers. Gil prefers to focus on fostering long-term relationships. “It builds trust when you say, ‘We’re going to sell you this smaller plan, and if you need more resources, we will go up higher,’” he said. “People respect that more than just selling a big plan right off the bat.”

Working as a True Extension of Your Team

Gil said customers see HIPAA Vault as much more than a vendor. The company has turned customer service into an art form: Employees know clients by name, the company holds quarterly business reviews for them, and 24/7 support is a given.

“It really feels like we’re an extension of their IT team compared with other companies where you call, offer your account ID, and spend five minutes just describing who you are,” he said. “That doesn’t feel very warm and fuzzy to me — and I think the emotional aspect is important.”

Support specialists are trained to ensure customers are completely satisfied with their current service at the start of each call. If the answer is “No,” the next step is to listen carefully to determine what will make them happy. In terms of call response, HIPAA Vault aims to return all unanswered calls within 15 minutes. If customers open a ticket or enter a chat, the goal is to respond within 15 minutes as well.

Gil said 90% of the time, the person who picks up the phone is able to resolve the customer’s issue. “We don’t believe in staffing tier 1 support people, so you start at a much better level, and the chances they’re going to solve your problem are much higher,” he said. “That’s satisfying to people.”

In the rare case that the support team fails to resolve an issue, customers can call Gil’s personal cell number — but he hardly receives any calls. “People don’t want to give their numbers out because they don’t want to be bothered,” he said. “But if you’re doing things right, you’re not going to get bothered anyway.”

A Company Culture Centered on Communication and Forgiveness

Gil compared the company culture at HIPAA Vault to an engine with high-quality parts manufactured to fit together seamlessly. Without oil, the metal components will rub against each other, causing severe damage.

“Our team understands that we need two drops of oil in the engine to operate smoothly,” Gil said. “The first is communication, and the second is forgiveness — and those two drops of oil make that engine hum.”

In addition to happier customers, this positive atmosphere helps minimize employee turnover. “Another piece of the puzzle is keeping your staff around,” he said. “Training people and then having them leave after six months or even a year is a losing game.”

After 22 years of success in HIPAA-compliant hosting, HIPAA Vault clearly has a preference for winning.