HIPAA Colocation FAQs

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 was enacted by Congress and signed by President Bill Clinton in 1996. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans and employers.

What does it mean to have a HIPAA-compliant data center?

HIPAA certification means the data center follows the standards set by the Health Insurance Portability and Accountability Act. Any company that handles protected health information must ensure that all aspects of its operations – from the physical network to the software that runs on it – are secure. When medical providers co-locate their infrastructure, the data center also must be in compliance with HIPAA regulations.

With its HIPAA certification, ColocationGuard must meet certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. Examples of safeguards include:

  • Physical barriers to limit facility access and control.
  • Technical barriers that allow only authorized personnel to access electronic health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off and encryption and decryption.
  • Tracking logs that keep records of activities in both hardware and software. This helps pinpoint the source or cause of any security violations.
  • Technical policies that include integrity controls, or measures to confirm that electronic patient health records haven’t been altered or destroyed.
  • Transmission security to protect against unauthorized public access of patient records. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network.

Who handled ColocationGuard’s HIPAA compliance review?

The review was handled by IS Partners, an independent auditing firm that has handled more than 800 SAS 70, SSAE 16 and SOC audits, internal control readiness assessments, trust service audits, HIPAA assessments, and information technology audits. The firm, which is based in Horsham, Pa., serves clients in all major service industries throughout the United States, Canada, United Kingdom, Central America, India, Pakistan and Caribbean Islands.  The firm’s SSAE 16 audit teams are comprised of experts in the areas of accounting, information technology, internal controls, and business process auditing.

The ColocationGuard certification involved:

  • Completing a risk-based assessment
  • Securing PHI, per guidelines
  • Addressing contracts and processes
  • Planning for breach detection
  • Planning for breach response


The Health Information Technology for Economic and Clinical Health (HITECH) Act, which took effect in February 2010, extends the Health Insurance Portability and Accountability Act’s (HIPAA) rules for security and privacy safeguards, including increased enforcement, penalties and audits. It was passed after surveys showed that many HIPAA compliance programs were deficient in the areas of privacy and security, including inadequate program testing and failure to update the programs.

Where can I find out more about electronic health records?

Visit the Department of Health and Human Services’ informative website: http://www.hhs.gov/ocr/privacy/.