ISO 27001 | SSAE 18 SOC 2 Certified Sales: 317.275.0021 NOC: 317.275.0001
The Fluid and Perilous Nature of Data Center Compliance
Compliance can be a pain to keep up with and can have serious consequences if you do not keep up with it. The recent headlines where Windows discontinues support to its most popular Windows XP operating system may, at first glance, seem not at all related to compliance. However, the fact is that systems that continue to run Windows XP operation system would be without support and therefore more likely to develop vulnerabilities. Storing health records in systems still operating on Windows XP run the risk of non-compliance with the HIPAA Act.
It is not enough for you to simply upgrade all your systems. When you outsource to a data center, if the data center runs systems on Windows XP and your records are compromised as a result, it is you, and not the data center, who will be liable in the eyes of the law.
So how do you protect yourself against these kinds of hidden dangers? It is not possible to be knowledgable of every single development in technology, relate it to compliance, and check whether the data center is protected on that front. The solution lies in taking a close look at what the data center is doing.
HIPAA, or the Health Insurance Portability and Accountability Act, lays down standards for protecting sensitive patient data. Any entity that handles protected health information needs to ensure physical, network, and process security for the data. However, there is no one-size-fits-all solution when it comes to ensuring HIPAA compliance. HIPAA Security standards are flexible and scalable, and each entity may take any reasonable security measures to meet the laid down objectives of the act. Therefore, if the data center has robust security systems in place that would compensate even if HIPAA covered data passes through a compromised XP system, there is nothing to worry about.
The underlying point to note is whether the data center has accreditation for being HIPPA compliant. Related compliance certifications such as SSAE Type II, PCI DSS, HITECH (Health Information Technology for Economic and Clinical Health Act), and others would also indicate the robustness of the data center security and the seriousness with which it views compliance and security. You also need to know the extent to which the data center updates and reviews its compliance and security set-up in order to be aware of emerging threats.
In today’s security threat landscape, the ability of the service provider to secure customers data is of prime importance. Lifeline Data Centers hold compliance as one of the important aspects of our data center. Learn more today.