openEMR HIPAA Hosting

moshegorin wrote on Monday, August 11, 2014:

(I posted this originally in the “Help” forum by mistake but it belongs in the “Developers” forum)

Hi, I have researched HIPAA compliant web hosting for several weeks and I would like to share my results with the community.

Based on my research Google Cloud seems to be the best in terms of price, hardware and flexibility. Runner up is LuxSci.com

  1. Google Cloud - Google Compute, Storage and Cloud SQL are HIPAA compliant without any changes necessary. They will sign BAA for no extra cost. It looks possible to run openEMR on Google Compute/Storage/SQL (but NOT on Google App Engine because this is NOT HIPAA compliant). Pricing is flexible and it looks like openEMR for a small practice running 24/7 would be around $50 to $100 per month with backups.

Pros: Flexible pricing, no extra HIPAA fees, Google brand name
Cons: Only 1 data center right now (in midwest); It’s a huge company so don’t expect to get much personal attention/support

  2. LuxSci.com - They rent space on Rackspace and other networks to create HIPAA compliant infrastructure and you can host openEMR for only $15/month.

Pros: Very cheap for entry-level plan, small company with support
Cons: Dedicated servers are expensive, $100 to sign BAA

  3. Amazon Web Services - they charge $1,500/month minimum for a HIPAA compliant setup plus all regular fees (for EC2, S3 etc.)

Pros: Lots of data centers around the world
Cons: $1,500/month minimum for HIPAA infrastructure

  4. Rackspace.com - they require you buy a dedicated server for HIPAA compliance which starts at $500/month

Pros: Known for high quality
Cons: $500/month minimum

  5. Other Providers - All of these are small providers that offer HIPAA compliant dedicated servers for $100/month and up.


OnlineTech.com

Firehost.com

Pros: Small companies so good support
Cons: Can be expensive & require long-term complex contracts, hardware is not as flexible as Google/Amazon

Please share your comments and experiences, thank you.

kodusote wrote on Monday, August 11, 2014:

Dear Moshe,

Was Linode included in your evaluation and if so, what is your finding?

Thanks.

moshegorin wrote on Tuesday, August 19, 2014:

As far as I know Linode HIPAA compliant.

moshegorin wrote on Tuesday, August 19, 2014:

I mean: “As far as I know Linode is not* HIPAA compliant”