Neither HIPAA nor HITECH calls for specific technical measures to ensure that data is available, accurate and secure. However, for clients who will be audited or are required to pass a HIPAA audit, we recommend many of the same procedures and technologies that we deploy for ourselves and for which we have undergone a HIPAA audit. This includes:
- Private Firewall services (either a Virtual or Dedicated Firewall) with VPN for remote access
- Managed Cloud Server (addresses the availability requirement)
- Production: Separate database and web servers
- Separate test server (web and DB may share a single test server, but it must not be the production server)
- Offsite backup at a minimum; IT disaster recovery is better
- SSL certificates and HTTPS for all web-based access to PHI
- Set up private IP addresses