Liquid Web and HIPAA Compliance

Healthcare groups seeking a hosting solution may identify Liquid Web as a possible vendor, but is Liquid Web HIPAA compliant?

Can its cloud management services be used by HIPAA-covered bodies for hosting applications and projects that include electronic protected health data?

Any healthcare group that wishes to use the cloud to host applications that use the protected health information (PHI) of patients must choose a vendor whose service includes security measures to ensure the confidentiality, integrity, and availability of ePHI that meet the requirements of the HIPAA Security Rule.

Cloud service suppliers, including hosting firms, are classified as business associates since they possibly have access to their clients’ information. While many cloud service providers believe they do not access customers’ data, they are still classified as business associates. HIPAA-covered bodies and their business associates must therefore complete a business associate agreement with the service supplier before any ePHI is uploaded to the cloud.

Liquid Web has been supplying hosting solutions to SMBs for 20 years. In 2017, the company completed an independent audit of its hosting services to assess compliance with HIPAA/HITECH rules. While there is no official HIPAA compliance certification, the accounting company UHY LLP did certify that the company has put in place appropriate administrative, physical, and technical security measures to satisfy HIPAA Rules. Liquid Web has also passed EU- US and Swiss-US Privacy Shield audits, SOC 1, 2, 3 attestations, and PCI Service Provider recertification.

Liquid Web is willing to complete business associate agreements with HIPAA covered bodies that require hosting services for web content and applications that include PHI. The BAA incorporates its single server and multiple server hosting facilities.

The privacy and security controls adapted by Liquid Web allow HIPAA covered bodies to ensure their data is secure and always accessible. Liquid Web can be a HIPAA compliant hosting service, provided access, security, and audit security measures are set properly and a signed business associate agreement is completed beforeto use of the hosting services in relation to any ePHI.