SingleHop Review – HIPAA Compliant Hosting
In this SingleHop review I will take a more in-depth look into their HIPAA compliant hosting solution. I will go through their product offering, and their included services and level of support. And I will make a sample price calculation for a typical server offering. I also sent SingleHop a couple of questions to get to know them and their solutions even better, and you will find their answers in this SingleHop review.
HIPAA Compliant Hosting Setup
SingleHop chooses to tailor their offering to each customer needs, based on the intake they have with the prospective customer. Therefore there is no default configuration. But, as you can read from the interview below, a typical setup includes a firewall and two servers completed with storage, backup and security software. Specifications are defined on what is required by the customer.
Included services and level of support
SingleHop HIPAA compliant hosting comes with a whole range of included services. In their full HIPAA suite you will find a number of security improvements like:
- Advanced server monitoring on both hardware, software and file system level
- Easy firewall set up with SingleHop looking over your shoulder to prevent erroneous settings
- Centralized user account management with 2-factor authentication and detailed logging
Their support is very knowledgeable in setting up the correct HIPAA compliant environment, and they will make sure all the technical safeguards are there. They also know how to work with the extensive HIPAA policies, and work with a reputable partner to make sure all these policies are correctly implemented.
Sample price calculation
Given the fact SingleHop only provides a custom HIPAA compliant hosting setup, there is no sample price calculation to be made. But, as a rule of thumb, expect a minimum of $1.500 per month for a base level setup. You can read more on their pricing policy in the interview I had with SingleHop, which you will find if you scroll down.
And remember, using the promotion below gives you a 50% refund on your first month with SingleHop.
Conclusion of this SingleHop review
SingleHop comes with an impressive range of included services, and they make sure they know what you need before making a quote. These included services come at a price you should be willing to take though.
SingleHop Interview – 4 Questions to get to know them better
1) Why should people choose SingleHop for their HIPAA compliant hosting solution?
Security of Personally Identifiable Information/Patient Information is mandated. Breaches in patient information expose the organization to reputation, financial and legal ramifications. Organizations that have HIPAA mandates owe it to themselves to seek a reputable firm who can directly address each component of the HIPAA standard and who embraces the fundamental principles behind it.
Not all organizations that portray themselves as able to assist with HIPAA compliance actually use reputable methods to ensure that all known security vulnerabilities are addressed. SingleHop partners with Alert Logic to ensure that these safeguards are in place. Alert Logic works with many major security organizations to collaborate on known vulnerabilities in order to provide the most up to date and thorough safeguards possible to our HIPAA compliant customers.
Specifically, the following requirements must be addressed.
- Technical Safeguards – controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient.
- Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.
- Each covered entity is responsible for ensuring that the data within its systems has not been changed or erased in an unauthorized manner.
- Data corroboration, including the use of check sum, double-keying, message authentication, and digital signature may be used to ensure data integrity.
- Covered entities must also authenticate entities with which they communicate. Authentication consists of corroborating that an entity is who it claims to be. Examples of corroboration include: password systems, two or three-way handshakes, telephone call back, and token systems.
- Covered entities must make documentation of their HIPAA practices available to the government to determine compliance.
- In addition to policies and procedures and access records, information technology documentation should also include a written record of all configuration settings on the components of the network because these components are complex, configurable, and always changing.
2) Do you employ HIPAA trained support staff, or have other means of answering technical HIPAA hosting related questions?
We have HIPAA trained engineers and staff.
3) To what extent can you help a customer become HIPAA certified?
There are training courses available whereby individuals can become HIPAA certified, which really means that they understand the principles behind the standard. Customers may be audited to verify compliance with the HIPAA standard.
See this link below. It is also important to understand the enforcement process that is outlined on the Health and Human Services website.
4) How does the sales process work?
– What happens after a customer contacts you to discuss a HIPAA compliant hosting solution?
– How long does it take before a customer can have its HIPAA solution up and running?
Customers are referred to SingleHop by HIPAAHQ.com to discuss deployment of a HIPAA compliant hosting solution. The steps are as follows:
- Scope and understand the nature of the sensitive data and the origination of the compliance mandate.
- Understand any other compliance initiatives, requirements or best practices required or desired.
- Architect the solution to include:
a. Secure, isolated environment – This is typically a private cloud or dedicated infrastructure
b. Security controls to include managed firewall, vulnerability scanning, intrusion detection, anti-virus, anti-malware, 2 Factor authentication and Event Management with 7 year retention.
c. Demonstrate the security software to include the portal and how we mitigate security events to keep information secure.
d. Discuss breach notification protocol.
- Quote the solution and agree on a time frame. The entire process can take anywhere from 1 day to 3 days, depending on the client’s experience and comfort level with HIPAA compliance. Education is key.
The infrastructure can usually be deployed same day. It takes approximately 1 week to bring up the entire HIPAA security solution to include the security software.
5. You have no pricing listed on your sales page, but can you give an indication of the price range for your HIPAA solution?
Pricing can vary based on each client but as a rule of thumb, a small environment (firewall, 2 servers, storage, backup, security software) can cost somewhere on the range of $1500 per month. As clients add hardware (compute nodes), fees will increase.
Thank you SingleHop for this interview!
And this concludes this SingleHop review. If you have additional questions, please leave them in the comment section.