HIPAA and Other Government Requirements


allan
04-20-03, 06:17 AM
How many of you are hosting banks, hospitals, or other organizations that have to meet certain government security standards?

Have you found these requirements to be overly restrictive, or within the parameters of good data center design?

no1v2
04-20-03, 11:16 AM
You meant HIPAA, right?

I don't think it would go down well with a kid who just threw CPanel on a server and thinks it's secure... :D

Going by this (http://www.hhs.gov/ocr/hipaa/contractprov.html) sample contract it looks like most (real/legitimate) hosts shouldn't have any problems accepting and complying with it if they run their own datacenter(s). If they just rent a cage then there could be problems with their host and/or any contractors their host may have.

Now if that's missing some major points that should've been in it maybe there would be problems, but reading the full text of the thing is more legal mumbo-jumbo than I can bear on a Sunday afternoon.

allan
04-20-03, 11:23 AM
Originally posted by no1v2:

You meant HIPAA, right?


Sure, that's what I posted :D.

Right, it is not just the server, it is the whole data center infrastructure that has to be taken into account. I know several larger hosts have announced that they are HIPAA-Compliant in the last year -- I am wondering if this trickles down to smaller hosts.

interactive
04-20-03, 11:34 AM
I think he meant your title Allan ;). I believe OLM.net said that they were HIPAA compliant, could be mistaken though.

allan
04-20-03, 11:36 AM
Originally posted by interactive:

I think he meant your title Allan ;). I believe OLM.net said that they were HIPAA compliant, could be mistaken though.

But my title says HIPAA as well ;).

Digex, ServerVault and Sprint have all announced HIPAA compliance in the last year -- but these are pretty big-sized data centers.

no1v2
04-20-03, 12:12 PM
Originally posted by allan:
Right, it is not just the server, it is the whole data center infrastructure that has to be taken into account.

I know, that's why I mentioned that hosts who colo would probably have problems with it. The kid CPanel host line was just a joke, a hospital wouldn't store any information covered by HIPAA on a shared server, and I'm sure they'd investigate any host they would use.

Originally posted by allan:
Digex, ServerVault and Sprint have all announced HIPAA compliance in the last year -- but these are pretty big-sized data centers.

I didn't think of HIPAA compliance as being advertisable, but now that you mention it, it makes perfect sense. It can go right along with all the data centers that suddenly turned into "disaster recovery" centers :D

allan
04-20-03, 01:36 PM
Originally posted by no1v2:
I didn't think of HIPAA compliance as being advertisable, but now that you mention it, it makes perfect sense. It can go right along with all the data centers that suddenly turned into "disaster recovery" centers :D

It also might depend on location -- around where you and I live, HIPAA compliance and things like that are important for government contracts.

Even without government contracts, the healthcare profession represents a boatload of money, and a group of clients that do not necessarily have the expertise to build a HIPAA-compliant infrastructure in-house.

As far as Disaster Recovery -- that is the best marketing ploy ever for data centers: Give us lots of money, we'll let you put servers and stuff in the data center, and you'll only use our bandwidth once in a blue moon :).