Rackspace is a cloud computing company based in Windcrest, Texas that provides public cloud and email hosting services. Many companies use the firms hosting services, but how about HIPAA-covered entities? Can Rackspace hosting be used without breaking HIPAA Rules? Does Rackspace support HIPAA compliance and is Rackspace willing to sign a business associate agreement (BAA) with HIPAA covered entities?
Rackspace has acquired HITRUST and HITRUST CSF certifications which show that the company satisfies the data and privacy security standards required by HIPAA for managed private, public and hybrid clouds. The company utilizes extended SSL encryption and complies with PCR DSS data security specifications.
Rackspace knows that by letting healthcare institutions to use its products and services, the company is classified as a HIPAA business associate and is required to sign an business associate agreement. Rackspace has prepared a BAA covering its dedicated hosting solutions. The BAA is included, by default, for all healthcare organizations using its dedicated hosting solutions
Because Rackspace is prepared to enter into a BAA with healthcare providers and has put in place all the required safety measures on its hosting services to be sure that healthcare providers can use them without breaking HIPAA Rules, Rackspace can consequently be regarded as a HIPAA complaint hosting firm.
Nevertheless, it is the responsibility of users to make certain that the hosting services have been correctly configured. Rackspace is unable to ascertain whether its consumers are using its hosting solutions in a way that is in accordance with HIPAA Rules and cannot guarantee that all requirements of HIPAA are satisfied and appropriate safeguards are in place. That said, Rackspace offers technical support to healthcare organizations that wish to use its services to help them use its services in a HIPAA compliant manner.