Is Rackspace HIPAA Compliant?

Rackspace is HIPAA compliant for “HIPAA-eligible services” provided that the services are configured to support HIPAA compliance, that all traffic between a customer and Rackspace is encrypted, and that the customer agrees to Rackspace’s HIPAA Addendum to the Terms of Service.

Rackspace Technologies has evolved from being a garage-based web hosting company to a global provider of managed services across all the major public and private cloud technologies.  The company still provides a web hosting service, and operates forty data centers and two security operations centers to support the needs of customers in 120 countries.

For customers in the U.S. healthcare industry, Rackspace offers a range of options from HIPAA compliant web hosting to the fully managed Rackspace Healthcare Cloud. Customers can choose to use Rackspace’s services as standalone options, or use them on top of HIPAA covered services provided by companies such as AWS, Azure, and Google Cloud Platform.

Why Use Rackspace for HIPAA Compliance?

The benefits of using Rackspace for HIPAA compliance vary depending on each organization’s existing presence in the cloud, its cloud management capabilities, and security challenges. Rackspace claims that by migrating data to the Healthcare Cloud, covered entities and business associates benefit from greater security, scalability, mobility, and cost savings.

It is not necessary to move every operation to a Rackspace hosted service to achieve benefits. Many healthcare organizations run Microsoft Exchange through Rackspace Hosted Exchange to take advantage of back office services such as advanced antivirus and malware protection, business intelligence tools, automated email archiving, and industry leading customer support.

Making Rackspace HIPAA Compliant

The process of migrating data or applications to Rackspace and making Rackspace HIPAA compliant varies according to the “HIPAA-eligible services” being subscribed to. However, before migrating PHI to any Rackspace hosted service it is important to agree to Rackspace’s HIPAA Addendum – which is effectively the same as a Business Associate Agreement.

The HIPAA Addendum is standard for all covered entities and business associates that want to create, collect, maintain, or transmit PHI in the cloud and is similar to Agreements offered by most other large cloud service providers. However, under Section 5 of the Addendum, it is a requirement of the Addendum that covered entities and business associates encrypt PHI before transmitting it to a Rackspace service.

Rackspace Always Happy to Answer Questions

If your healthcare organization is considering a move to the cloud – or looking to extend its existing presence – Rackspace could be worth investigating. The company has years of experience in providing secure hosting environments and is ISO 2701, SOC 2, NIST 800-53, and  HITRUST CSF Certified for services provided to the healthcare industry.

Rackspace representatives are available around the clock to answer any questions you may have about Rackspace, HIPAA compliant hosting, and managed cloud services, and to discuss the most suitable options for you. Alternatively, you can speak with an independent compliance expert with experience of managed services in private, hybrid, and multicloud environments.