Most HIPAA compliant cloud hosting services don’t do a very good job of making considerations for the application or website they’re hosting. This creates a disconnect between developers and systems administrators, putting more pressure on the system administrators to customize the environment to support the software, which they likely don’t understand perfectly. This also creates barriers for the software developers to overcome for each release they make. With limited communication between system administrators and developers, vulnerabilities are easily overlooked. The net result is unexpected costs, slower deployment of new versions, and unnecessary vulnerabilities.
Medical Web Experts, a partner company of Bridge Patient Portal, recently launched the MWE Cloud, a HIPAA-compliant cloud hosting service created with website and application development in mind. This turn-key cloud hosting service is used by Bridge Patient Portal as their patient portal hosting solution. The MWE Cloud features a suite of features for compliance, security, and development, including:
- Backups: Encrypted off-site backups are performed daily and are retained for 6 years.
- WAF and DDoS protection: Optional packages with Web Application Firewalls (WAF) and Distributed Denial of Service (DDoS) protection.
- SSL: SSL certificates that support TLS v1, v1.1, and v1.2.
- Continuous monitoring: Maintain ongoing awareness of security controls, vulnerabilities, and threats to support risk management decisions.
- Virtual network protection: Software-based switches and network configurations as part of the virtual environment to allow virtual machines on the same host to communicate more directly and efficiently.
- Access Control: Strict access requirements, such as VPNs, bastion hosts, two-factor authentication, login audits and secure channel communication with public-key cryptography.
- Encryption at-rest: Data is encrypted with 256-bit Advanced Encryption Standard (AES-256), one of the strongest block ciphers available.
Read more about HIPAA compliant messaging: