HOSTING Ushers Customers into HIPAA Compliance — Guaranteeing Success Through Secure Managed Cloud Hosting Environments

Interview with HOSTING about HIPAA compliance

TL; DR: In the hosting game early enough to get the world’s most obvious domain name, the team at HOSTING is finding their biggest success more than 15 years later with security-focused cloud hosting and customer service. The managed service provider offers single-team support and guarantees that healthcare and eCommerce companies will comply with their industry’s security requirements.

Security is undoubtedly a challenging and necessary demand across the Internet, but in fields such as healthcare and eCommerce, lives depend on it. The call is clear: If your company handles sensitive information such as medical records or credit card transactions, you’d better step up your game or risk expensive and potentially deadly data breaches.

That’s where HOSTING swoops in to save the day. The Denver-based cloud hosting company guarantees that customers using a certain set of products will pass their audits. Last year, HOSTING clients faced more than 400 audits and passed each one.

Datacenter and screenshot of HOSTING website

HOSTING operates six datacenters across the US to provide secure environments for their customers.

Not passing an audit can get expensive. Companies can be on the hook for up to $1.5 million each year in fines or could have their ability to process credit credit cards revoked. Annual audits can be horribly disruptive and require an all-hands-on-deck, time-consuming production to get through the process.

With HOSTING’s managed cloud hosting services, however, companies can reach a higher level of compliance with much less time and money, according to HOSTING Chief Information Security Officer Johan Hybinette.

“We can offer a very complete set of solutions for customers with compliance and security demands,” he said. “Security is not a job for me. It’s more of a passion that we like to share, to make people more aware about how vulnerable their social security number and protected health information really is.”

How HIPAA & PCI Challenge Healthcare & eCommerce Companies

The Health Insurance Portability and Accountability Act, more commonly known as HIPAA, regulates the use and disclosure of protected health information. The federal regulations were signed into law in 1996.

The security standards for credit card transactions, however, were created in 2004 by credit card companies to require merchants to comply with responsible practices. The Payment Card Industry Data Security Standard, or PCI, are 248 security controls that protect the credit card companies that would be responsible for paying fraudulent charges.

HOSTING's Denver headquarters

HOSTING’s Denver headquarters is becoming the center for compliant hosting.

While many healthcare companies employ a compliance officer, Johan said they tend to be “on the people side and not the computer side, and the misconception is that they can do everything.”

Johan, who has spent more than 30 years building IT security programs and ensuring compliant environments, says compliance security is not black or white, but rather shades of gray. He says he sees a lot of healthcare providers and companies trying to build their own datacenters and struggling to reach compliance.

“Everybody knows what HIPAA is, but the healthcare industry as a whole is not very tech savvy,” he said. “HIPAA is very difficult. It’s not very prescriptive in telling what you can and can’t do. It’s not very objective, and there’s a recognized lack of HIPAA-compliant environments out there.”

HOSTING’s 3 Factors of Compliance Security

Johan says most companies touting compliance service are only basically performing a risk assessment evaluation. “I actually don’t think the compliance label should apply in those cases, because they’re just taking a snapshot in time,” he said.

Instead, HOSTING takes a 3-fold approach to security:

  • make it dynamic
  • make it measurable
  • make it proactive

HOSTING built this mantra after asking customers what they needed. Many of the more than 2,000 clients came to HOSTING because they recognized the hosting company’s overall security prowess. As more customers asked specifically for HIPAA and PCI compliance, the HOSTING team got to work.

1. Dynamic Solutions Keep HOSTING Ahead of the Curve

The end result is what Johan describes as a community cloud that enables customers to plug in their applications and environments on HOSTING’s infrastructure to basically achieve HIPAA compliance. HOSTING aims to be forward-compliant with staff members highly trained in compliance, healthcare, and eCommerce continually monitoring developments and changes in security guidelines.

2. Compliance Metrics Measure HOSTING’s Success

HOSTING created a scale between zero and 100 percent to measure a customer’s compliance. Although 100 percent is “pretty much next to impossible to get,” according to Johan, the scale allows IT and compliance employees to measure the benefits of acquiring HOSTING’s services — and pitch it to their superiors.

“If you go up to your executive team or board and say, ‘I want to purchase X,’ the board looks at you and wonders what X really is. They have no concept of what it does and how it’s going to help your compliance,” Johan said. “Five percent more compliance actually means something to the executive team. At least they know they’re getting five percent, and becoming five percent more compliant is a big step.”

3. Year-Round Attention to Compliance Builds HOSTING Users’ Confidence in Audits

Instead of waiting for an audit, HOSTING builds an organization’s compliance throughout the year so that an audit becomes no big deal. Dedicated support employees work with organizations to identify risks and prioritize which need to be addressed first. HOSTING continuously conducts audits on their systems and customers to identify gaps and mitigate potential issues before something bad actually happens.

“We will stand behind anything that we touch. We will make sure you pass your audit, and no one in our industry has that but us.”

HOSTING’s three focus areas means it has achieved full healthcare and financial compliance the past two years. The company passed its most recent audit with no exceptions — something only about four percent of businesses can claim.

“We are leading security with flying colors right now,” Johan said. “We are well, well above the norm in security and we’re offering better solutions for customers.”

Sales, Support, & Service: Customers Take Center Stage

HOSTING offers three different tiers of managed hosting packages to unify their award-winning services, security, and support with the leading platforms (including AWS, Azure, Google, and HOSTING’s own private and public clouds).

“Our service levels span across managed cloud, managed security, and managed database,” explained Director of Managed Services Tricia Pattee. “We have three tiers of service within each area, starting with Explorer, our foundational package. At this basic level, we’re handling the very mundane, repetitive tasks, like 24/7 monitoring and notifications, but the customer is responsible for all actions stemming from those notifications. Our mid-tier package, Voyager, is where we co-administer the environment with them. We’ll guide them and lead the charge when it comes to gaps in their expertise. Our premier tier is Pioneer, where we fully-manage their platform and take care of everything that doesn’t touch their code or require custom development.”

HOSTING employee in front of marketing wall

HOSTING takes a personal approach to service, with many accounts having a dedicated support person.

Potential customers work with HOSTING’s pre-sales solutions team through the proposal and quote process. Once a package and agreement have been solidified, the customer collaborates with a post-sales engineer who ushers the customer through the steps of configuration and installation. Communication is a major part of the on-boarding process, Tricia said, with clients at the two higher tiers working with at least one dedicated support manager.

“We have committed project managers that are aware of the customer’s business goals and objectives, along with knowledge of how they’re expecting HOSTING to help them,” she said. “Our project managers make sure we’re delivering on those objectives. That person is not only there to help mitigate any issues but also to help the customers be proactive in cost optimization for their environment, and consistently reviewing their architecture.”

Educating Customers so They Can Better Understand Their Needs

Johan says each customer’s security needs are unique, along with their awareness of what issues exist. “At least part of the time we’re actually training the customer so they understand what actually needs to be done,” he said. “Great communication and actually explaining to the customers how things are going to work shows why we’re worth the patience.”

Applying Metrics to Customer Service so HOSTING Can Measure Success

Since the early days, HOSTING concentrates on Net Promoter Score, or NPS, a measurement created in the Harvard Business Review that says the only customer service metric that matters is whether the customer would be willing to recommend a product or service to someone else.

“Great communication and actually explaining to the customers how things are going to work shows why we’re worth the patience.”

A company’s NPS falls on a scale between -100 and 100. Consumer brands like Tesla (96.6), Costco (82), Bose (78), Pizza Hut (78), and Starbucks (77) tend to outrank tech companies such as Samsung (70), Amazon (69), and Netflix (68). HOSTING, however, competes favorably with the tech leaders, according to Director of Marketing Bree Neely, with scores that fluctuate between the high 60s and low 70s.

“That whole idea of basing a company around support is really our biggest differentiator,” Bree said. “The thing that drives us the most is thinking about how we can make it a better experience for our customers.”

Plenty of Platforms: HOSTING Customers Can Customize Their Service

This year, HOSTING launched a concept they call the unified cloud: managed services across multiple platforms such as AWS, Azure, Rackspace, and Google.

“We classify different environments for different segmentations, so if you have a highly secure environment like a healthcare cloud with protected health information in it, of course that will be segregated more than a developed environment, for example,” Johan said. “It can be a completely customized experience.”

HOSTING offices and a discussion in the server room

By tailoring services to customers’ needs, HOSTING accommodates multiple web environments.

When cloud computing was just a concept in the 1990s, Co-Founders Art Zeile and Joel Daly set out to create a company that provided excellent service for mid-size companies with business-critical applications. They partnered on many projects and companies, eventually landing on HostMySite, which acquired HOSTING in 2009.

Now, HOSTING boasts about 400 employees and more than 2,000 customers. The company operates six datacenters in California, Colorado, Texas, Kentucky, and Delaware, with roughly 5,000 physical servers and 10,000 cloud servers.

“Our big focus this year and moving forward is all-around managed cloud hosting, whether that is managed security or just managing their cloud infrastructure,” Tricia said.

Finale: An Award-Winning Company Makes Big Claims & Backs Them Up

The industry is taking notice of HOSTING’S success. In April, the company won the 2016 MSPWorld Cup Award for Best Cloud Solution and gave the keynote address at the MSPWorld spring conference. The award honors companies for “consistent and thoughtful efforts to advance the cause of managed service providers through the provision of innovative technologies, solutions, and services.”

By making compliant and secure web environments for customers, HOSTING is making promises that few can deliver. “We put our money where our mouth is. We will stand behind anything that we touch,” Bree said. “We will make sure you pass your audit, and no one in our industry has that but us.”

Toby Sembower

Questions or Comments? Ask Toby!

Ask a question and Toby will respond to you. We strive to provide the best advice on the net and we are here to help you in any way we can.