Liquid Web is a hosting solution provider that has been in the business for 20 years. Is it a HIPAA compliant vendor of cloud services? Can healthcare organizations use Liquid Web to host applications and projects in connection with electronic protected health information (ePHI)?
The HIPAA Security Rule requires healthcare organizations to choose carefully the cloud hosting services they use in connection with sensitive health data of patients. The vendor must provide services that implement safeguards to keep the integrity, confidentiality and availability of ePHI.
Cloud hosting services are also classified as business associates because they get potential access to patient’s health data. Even if these providers claim that they don’t access patient data, they are still considered as business associates. Therefore, a business associates agreement (BAA) is necessary when HIPAA-covered entities and business associates enter into a partnership and share ePHI.
Liquid Web has long been trusted by many SMBs as provider of hosting solutions. In 2017, the company had an independent audit of its hosting services to check its compliance with the HIPAA rules and HITECH Act. There was no official HIPAA compliance certification issued, but the accounting firm UHY LLP certified that the company satisfactorily met the administrative, technical and physical safeguards requirement of HIPAA. Liquid Web also has been certified to pass the EU-US and Swiss-US Privacy Shield audits, SOC 1, 2, 3 attestations and PCI Service Provider recertification.
Liquid Web also signs BAAs with HIPAA covered entities that use its hosting services for applications, web content and protected health information. The BAA covers both single server and multiple server hosting services.
In summary, Liquid Web offers a HIPAA compliant hosting service to healthcare organizations because it implements privacy, audit and security controls required by HIPAA to ensure the security and availability of PHI. Liquid Web is also ready to sign a business associate agreement prior to the use of their hosting services by HIPAA covered entities.