image description

Solutions for HIPAA Compliance

image description

Secure Hosting Standards

Lightcrest provides secure, compliant hosting environments to customers around the world. Our clients in the healthcare industry are able to spend more time on brick and mortar HIPAA requirements (like handling physical paper/patient files) by outsourcing the electronic requirements of HIPAA to Lightcrest.

Secure infrastructure tailored specifically to your needs will keep your patient data protected from from malicious hackers and unauthorized personnel. From firewalls and dedicated networks to hardened databases and log archives, Lightcrest will ensure you have the physical and logical security necessary to keep your patients' best interests at the forefront of your business.

Download PDF


Let your medical experts do an even better job by off-loading the electronic aspects of HIPAA to Lightcrest. Here are just a few examples of secure HIPAA compliance solutions we provide:

  • Virtualized Data Silos
  • Encryption of Structured and Unstructured Data
  • ACL-enforced Search Engines and Portals
  • Hosting of Medical Billing Systems
  • Hosting of Patient Management Systems
  • Hosting of Electronic Medical Record (EMR) Systems
  • Commercial Application Hosting for Healthcare Professionals
  • Turn-key, secure computing instances for Medical SaaS
  • HIPAA Compliant Website Hosting in Linux or Windows
  • Virtualized privated environments for Extranet and Intranet applications

We work with private medical practices, dental care providers, medical billing firms, vision providers, and insurance companies everyday to maintain their critical applications and HIPAA compliant systems. Even if you're not a healthcare provider, you can benefit from our services if you have customers who are, by passing on our expertise and infrastructure as your own. Have the confidence and the security portfolio you need to win new business with healthcare customers looking for HIPAA compliant partners.

All HIPAA Compliant Web Hosting Solutions Include:

Application Layer Protection for HIPAA Compliance

  • Help prevent Trojans, Worms, and Viruses from traversing your infrastructure.
  • Isolate and contain Malicious and Spurious traffic before it hits your systems
  • Stop Cross-site scripting and SQL injection attacks.

HIPAA Compliant Customizable Security Rules

  • Centralized Cisco Firewalls and Linux Netfilter hardened relative to your needs
  • Application Level Monitoring and Intrusion Detection Systems
  • Custom Trip Wires to alert all stakeholders of file system modifications
  • Detection of brute-force attacks and abuse of remote logons
  • Custom backup strategies with retention minimums
  • Forced authentication expiration
  • Asymmetric encryption algorithms reduce effiacy of man-in-the-middle style attacks
  • DSA and RSA key enforced two-factor authentication
  • Tunneling to all branch offices via IPSec and encrypted Cisco GRE
  • Disaster Recovery, triple redundant backups, black-out-proof DNS

HIPAA Compliant Architecture

  • Segregated physical infrastructure and DMZ's tailored to specific "zones"
  • Even virtualized webservers and databases are maintained on separate infrastructure
  • Lightcrest SpeedStacks provide efficient deployment mechanism for quickly duplicating virtual environments without compromising security
  • Enterprise Grade Network Infrastructure and Scaling Hardware
  • Enteprise Grade Servers
  • Automated "Sleeping" User Logout

Log Management

  • Archived and searchable index for all systems logs relative to customer requirements
  • Alerting based on detection of malicious exploit signatures
  • Kernel level filesystem alerting

HIPAA Compliant Physical and Logical Security Policies

  • All physical, network, and systems changes are documented
  • Biometrics, multi-tiered security personnel, cage-level surveillance, and man-traps lock down physical datacenter facilities
  • Strict data retention/destroy policies
  • Hand scanners on all cage infrastructure

Ongoing Vulnerability Scanning

  • Daily scans of all known vulnerabilities and newly released zero-day exploits
  • Reports on host and network level vulnerabilities
  • Implicit IP ACL's that assume systems are vulnerable until proven otherwise
  • Anomaly-based Intrusion Detection Systems
  • 10G Backbones and 1G distribution-layer links to buffer DDOS attacks
  • Null routing capabilities

Requirements

Did you know that not having HIPAA compliance could leave you in breach?

Here are some administrative safeguards required by HIPAA:

  • Performing and documenting a risk analysis
  • Creating and maintaining a risk management plan
  • Creating a sanctions policy
  • Performing an information systems activity review
  • Developing a security incident response and reporting mechanism Daniel Masys, M.D., Vanderbilt University School of Medicine March 8, 2005
  • Creating a data backup plan
  • Creating a disaster recovery plan
  • Defining emergency mode operations
  • Having periodic evaluations of standards compliance
image description

Always Included

  • 30 Day Money Back Guarantee if You Aren’t 100% Satisfied with our Service.
  • 24/7/365 Live Tech Support
  • Personal Account Manager
  • 100% Network Uptime SLA
  • Unlimited Admin Troubleshooting
  • Proactive Security Patching
Questions?

We can help.

Hello. Let's chat.
Click Here to chat
No, Thanks. Not Right Now.