This is a paid review performed by an independent writer, according to our guidelines.
See full disclosure the at the bottom of this article.
VM Racks Company Bio
An abbreviation for “virtual machine racks,” VM Racks is a leading provider of HIPAA compliant hosting. Based out of San Marcos, California, the company is legally known as Etica, Inc.
Started in 1997, VM Racks was one of the earliest forays into consumer-level hosting in the United States.
As the hosting industry matured through the 2000s, competition increased exponentially. New lean competitors and established tech behemoths flooded the market with cheaper and more accessible consumer hosting solutions, undercutting companies like VM Racks on price while outspending them on marketing and sales efforts.
The early gold rush of “vanilla hosting,” as VM Racks CEO Gil Vidals likes to call it, quickly came to an end. Competing in the market on price alone was no longer an option.
Determined to not only survive, but to thrive in a quickly saturating industry, VM Racks had to go back to the drawing board.
Note: We also published a review for their HIPAA compliant email solution.
Health, Hosting, and Regulations
Around the same time, the health industry saw the beginnings of a meteoric rise. An aging population of baby boomers, new medical innovations and breakthroughs, and a record number of health related startups resulted in an unprecedented growth of the industry.
Anticipating the growing sector’s increasing reliance on networked systems, lawmakers worked diligently to pass several stringent regulations (HIPAA, HITECH) on organizations dealing with protected health information.
This created an insurmountable barrier to entry for many budding health startups. Not only did these organizations have to attain internal compliance, they were also legally required to use the services of compliant organizations—both of which were prohibitively expensive at the time.
Lowering the Barrier for Entry
Recognizing a vacuum in affordable HIPAA hosting services, VM Racks CEO Gil Vidals redirected his company towards the health sector.
Implementing all the necessary administrative, physical, and technical safeguards required for federal compliance, VM Racks retooled their entire operation to focus on compliant hosting. During a time when a standard HIPAA compliant hosting plan could cost five figures per year, VM Racks solutions allowed many entrepreneurs and existing health organizations to affordably enter the cloud—without fear of non-compliance.
Unlike several major competitors (Armor (formerly FireHost), RackSpace, AWS etc.), HIPAA hosting is the core focus of the VM Racks business strategy.
Compliance is the name of the game, and VM Racks is playing to win.
VM Racks Service Overview
In addition to being fully HIPAA compliant, VM Racks also offers a slew of services that will aid health organizations in their own compliance efforts.
- Offsite backups and data recovery procedures
- Security management systems
- Automated security measures (HDIS)
- Physical and web-based firewalls
- Multi-factor user authentication
- Vulnerability audits
- Password management
- HIPAA Business Associate Agreement
In addition, VM Racks also offers 24/7 US based customer support, server migration, VPN access, and flexible plans.
Posing as the head of a budding health startup to protect my anonymity, I called VM Racks customer support with a notebook full of questions. Not even a full ring into the call, a pleasant sales employee picked up the phone.
I quickly unleashed a barrage of questions.
Doing his best to answer my exceedingly technical inquiries, the customer service employee eventually offered to put me in touch with someone from the tech team. I braced myself for long wait times and half a dozen more transfers—but they never came.
Within 20 seconds, I was on the phone with the company’s CTO.
For the next half hour I grilled the poor man on everything from compliance standards and hidden fees to server specs, uptime statistics, and latency standards. And he answered each question with uncompromising honesty, anticipating nearly every follow-up I had. He even gave my fake startup a wealth of advice regarding software frameworks and SQL databases. This was a man who knew his trade.
As we wrapped up our conversation, I gave him an old e-mail address. Within a minute, I received a new message with the CTO’s personal cell phone—in case I had any more questions.
The level of helpfulness, knowledge, and professionalism I experienced with VM Racks customer service is a rarity in most industries—and simply unheard of in the tech sphere. In an industry where under-qualified call center employees are the front-line of customer service, where abysmal wait times and endless transfers are the rule rather than the exception, and where sales scripts stifle any possibility of candor, VM Racks stands apart from the pack.
Their customer service is simply unmatched in the HIPAA hosting sphere.
Although a growing number of hosting providers now offer HIPAA compliant services, few can be considered knowledge-leaders in the sector.
In this regard, VM Racks is ahead of the curve.
Combining deep technical expertise and a wholesome understanding of HIPAA regulations, VM Racks routinely publishes helpful articles aimed at the health sector. To date, VM Racks has published more than 40 articles on their HIPAA Compliant Hosting Insights page. Here, they expertly address many important HIPAA related concerns, like when you should encrypt PHI and how to dispose of PHI data. They offer deep insights into the technical aspects of HIPAA compliance, including database structure designs and HIPAA compliant content management systems.
Keeping up-to-date with the latest HIPAA developments, VM Racks also publishes commentary on new security vulnerabilities and the impact of HIPAA on emerging industries.
With a wealth of expertise and attentive customer service, VM Racks is an excellent resource for organizations looking to learn more about HIPAA compliance and put the knowledge into practice.
VM Racks Technical Overview
VM Racks provides hosting out of two data centers – one in San Diego and one in Phoenix, AZ. The data centers are not only technically secure, but also physically secure – using cutting-edge surveillance hardware, biometric scanners, and detailed security logs to ensure server integrity.
VM Racks’ data centers have been audited by a 3rd party and have achieved SSAE 16 SOC 1, 2, and 3 (all Type 2) and Title 21 CFR Part 11 certifications.
A series of hardware and infrastructural redundancies maximize service reliability and uptime.
All VM Racks HIPAA hosting solutions are run on virtual machines.
Simply put, virtualization allows physical servers to house multiple emulated “virtual” servers. This practices gives VM Racks several advantages:
- Less downtime: a virtual server can be easily and quickly migrated to another machine in the case of hardware failure.
- More flexibility: Any operating system or SQL database can be quickly installed, updated, or replaced. Space, processing power, or memory can also be quickly allocated to virtual machines when needed.
- Lower cost: Using a separate physical machine for each server results in more energy consumption and inefficient use of computational resources, making virtual servers substantially cheaper.
The VM Racks website boasts a server uptime of 100%. Though as anyone who is familiar with web hosting can attest, this is just not possible.
Not accounting for scheduled late-night maintenance, the real figure is closer to 99.999%. But that just doesn’t look as good on marketing materials.
This mighty impressive feat is accomplished through the help of server virtualization and intelligent redundancies. In the case of complete power outages, for example, gas generators will power your server while an alternate power source is switched on.
Using a VM Racks HIPAA Cloud server, you can expect a best-case response time between 300 and 500 milliseconds. Although this isn’t the fastest response time in the industry, it is more than enough for most health related applications.
Note: It is possible to see a slower response time, especially if your website or app are too resource-heavy for one of the capped hosting plans.
VM Racks HIPAA Compliant Hosting Solutions
HIPAA Cloud Startup Package – $199 USD/Month
The Startup package, costing $199 USD per month, allocates users separate linux-based web and SQL servers, 2 GB of RAM, a 2 GHz CPU, 50 GB of total storage, and a 1 MBPS bandwidth (320 GB monthly)—all HIPAA compliance measures included. You can upgrade to a Windows-server for an additional $150 per month, if your website or application require it.
This is a killer offering for three reasons:
- You will be hard-pressed to find a truly HIPAA compliant hosting service for under $1,000 per month, let alone $500. An established competitor, Armor (formerly FireHost), charges roughly four times as much for their entry-level HIPAA hosting package.
- While the specs for this package may seem low, you are actually getting twice the RAM and nearly double the storage of most entry-level cloud hosting packages.
- A web server and a database server are both included. This separation is vital for security, performance, and scalability. Likened by security experts to the separation of church and state, keeping your application and database on the same server is asking for trouble. While other HIPAA compliant hosting companies will often charge you twice as much ($1,500+ at Armor) to keep the two separate, this feature is included free of charge on all VMs.
Few hosting providers can compete with VM Rack’s entry-level HIPAA compliant offering, and it is an excellent package for health startups, small organizations, and solo practitioners alike.
HIPAA Cloud Enhanced Package – $599 USD/Month
Offering separate Linux-based web and SQL servers, 6 GB of memory, a 4 GHz CPU, 150 GB of storage, and the same 1 Mbps (320 GB monthly) bandwidth found on the entry-level service, the $599/month Cloud Enhanced package aims to remove the memory and storage bottlenecks for larger organizations.
Given the three-fold increase in memory and two-fold increase in processing power, this package seems to be aimed at organizations that run more applications and scripts or use a more complex CMS. However, taking full advantage of the additional computational resources would most likely require more bandwidth.
So why has the bandwidth remained unchanged?
The simplest explanation is that VM Racks is trying to upsell organizations on their enterprise package. But we really can’t fault VM Racks on this business strategy, given the incredibly competitive pricing.
As a standalone offering, VM Rack’s Cloud Enhanced Package is still a fantastic value for the price. Few providers can compete with VM Rack’s comprehensive security measures, rock bottom pricing, server specifications, and customer service.
HIPAA Cloud Enterprise Package – $999 USD/Month
Although dubbed as an “enterprise” offering, VM Rack’s priciest HIPAA hosting package is actually cheaper than many entry-level packages from competing services. At $999 per month, your organization can make use of up to 10 VMs, 10 GB of memory, a 6 GHz processor, 200 GB of storage, and 3 Mbps of bandwidth (960 GB per month).
With an abundance of memory and processing power, most complex apps and websites should run like a dream. And the three-fold increase in bandwidth is a welcome (and necessary) upgrade for organizations looking to take full advantage of the additional raw power.
On a price to power ratio, the VM Racks Enterprise package is quite possibly the best value available on the market.
Like the other preset packages, the main criticism leveled at the Enterprise offering is limited bandwidth. This is especially troublesome given the marketing language. The word “enterprise” is associated with larger and more established businesses, comprised of hundreds—if not thousands—of employees. Yet, the bandwidth of the “enterprise” package would choke up with a mere fraction of that.
Instead, it would be more accurate to market this package towards small to medium-sized firms with higher-than-average computational requirements. For these types of organizations, this VM Racks offering is an incredible value. Real “enterprises,” on the other hand, should look at the dedicated solution.
HIPAA Compliant Cloud Dedicated – Price NA
Unlike the packages listed above, the dedicated service has no preset parameters. Clients have complete freedom over choosing their own CPU, memory, storage, and bandwidth requirements—paying in proportion to their chosen specifications.
Whether you are a medium-sized organization transferring large swaths of data or a giant enterprise with thousands of users, you can tailor-pick each facet of your virtual machine for optimal performance.
Unfortunately, this increased freedom introduces some difficulties.
- Unless you are able to accurately estimate your requirements, you may find yourself severely overpaying for unused resources, or taking serious performance hits.
- Because the virtual environment is under your full control, a system’s administrator with VMWare experience is advised but not required. Dedicated server are still fully managed by VM Racks, as with the other plans.
- Operating your own infrastructure places more liability on your organization in case of a privacy breach.
Assuming that your organization can adequately address the aforementioned issues, this is an excellent offer. While potentially pricier than the preset packages we reviewed above, cost saving measures like virtualization and prepaid bandwidth will ensure that you’re still getting the best pound-for-pound value anywhere. If not, VM Racks will gladly match the lowest price.
Taking into account server specs, security, federal compliance measures, customer service, and company expertise, it is easy to recommend VM Racks HIPAA Cloud service to any health organization in need of compliant hosting.
But the main selling proposition is value. You just won’t find a more complete HIPAA hosting service for such a low price.
Full disclosure: This is a paid review performed by an independent writer, according to our guidelines. Minor edits were made to this review to clarify certain findings before it was published. Also, VM Racks made some additions to their website after the writer reported missing information. All statements and opinions made are those of the writer.