openEMR HIPAA Hosting

moshegorin wrote on Wednesday, August 06, 2014:

Hi I have researched HIPAA compliant web hosting for several weeks and I would like to share my results with the community.

Based on my research Google Cloud seems to be the best in terms of price, hardware and flexibility. Runner up is LuxSci.com

  1. Google Cloud - Google Compute, Storage and Cloud SQL are HIPAA compliant without any changes necessary. They will sign BAA for no extra cost. It looks possible to run openEMR on Google Compute/Storage/SQL (but NOT on Google App Engine because this is NOT HIPAA compliant). Pricing is flexible and it looks like openEMR for a small practice running 24/7 would be around $50 to $100 per month with backups.

Pros: Flexible pricing, no extra HIPAA fees, Google brand name
Cons: Only 1 data center right now (in midwest); It’s a huge company so don’t expect to get much personal attention/support

  1. LuxSci.com - They rent space on Rackspace and other networks to create HIPAA compliant infrastructure and you can host openEMR for only $15/month.

Pros: Very cheap for entry-level plan, small company with support
Cons: Dedicated servers are expensive, $100 to sign BAA

  1. Amazon Web Services - they charge $1,500/month minimum for a HIPAA compliant setup plus all regular fees (for EC2, S3 etc.)

Pros: Lots of data centers around the world
Cons: $1,500/month minimum for HIPAA infrastructure

  1. Other Providers - All of these are small providers that offer HIPAA compliant dedicated servers for $100/month and up.

ONR.com

Pros: Small companies so good support
Cons: Can be expensive & require long-term complex contracts, hardware is not as flexible as Google/Amazon

Please share your comments and experiences, thank you.

cravaus wrote on Thursday, August 07, 2014:

I set mine up on a Synology NAS and manage it my self with back up to another NAS off site. Each NAS is about $500 with 8tb of storage on two drives after lots of shopping on line. That is more than enough storage for me. A $1000 one time cost. I also purchased a domain name and a SSL certificate which you will have to do anyway. I moved my website to the NAS as well and cut out Godaddy. I also set up a camera surveillance system on the NAS. Pros: long term least expensive. Cons: it was a pain to set up but I posted how on the discussion group. It runs great however.