Our last data center dictionary entry covered Disaster Recovery. We discussed what disaster recovery is, how to reduce various threats, and how to begin your own disaster recovery plan. Next, we move to Colocation.
What is colocation?
Simply stated, colocation is the practice through which a business locates its servers and IT equipment in an offsite data center. These facilities are often designed to provide rich connectivity options that would otherwise be unavailable to a business or organization. In application, colocation allows a business to locate its servers and other IT equipment securely in a data center. As opposed to dedicated server hosting, colocation allows businesses to own and manage their servers in an environment designed to support and enhance server activity.
Why do businesses practice colocation?
Colocation provides businesses with several advantages, including:
- Improved facility and network security
- High uptime and availability
- Increased connectivity options
- Cooling, electrical and networking redundancy
- Scalability for future growth
- Cost-effective bandwidth
- Outage protection
Who should consider colocation?
While colocation can be a great resource for all businesses, medium and large-sized organizations in particular should consider it. Industries that regularly handle highly sensitive information, such as financial services and healthcare, benefit from colocation because data centers have exceptional security measures in place.
Why should a financial service company consider colocation?
Today’s financial environment has given the advantage to the quick, connected, and agile. Colocation gives companies the speed, availability, and compliance adherence necessary for success. The boom in electronic trading allows companies to make transactions almost instantly but has also created an environment in which speed directly affects success. The most successful companies in this industry obtain and analyze market information to make quick and accurate decisions, and each second matters.
Colocation also prevents companies from suffering losses caused by latency. With 100% availability and uptime, a financial organization can be certain it will not miss an opportunity, a miss that might lead to a costly loss. Finally, because these companies handle sensitive data regularly, they must adhere to stringent compliance regulations. For more information about compliance, financial services, and colocation, we recommend reading our white paper, A Guide to Financial Services Regulations.
Healthcare and Colocation
In today’s healthcare environment, the IT infrastructure may be as important as the care itself. A new study published in the January/February Annals of Family Medicine estimates that 70% of family physicians are using Electronic Health Records (EHR) and by the conclusion of the year over 80% will use EHRs. Healthcare providers at all levels—from hospitals to family care practices—are relying heavily upon EHR and other technology. Today, technology in medicine is no longer just for operational efficiency but also for effective patient care. Because technology has evolved into a critical component of any healthcare organization, these organizations should consider colocation. It ensures effective operation and excellent patient care as well as HIPAA and HITECH compliance.
There have been questions about what role a data center plays when it comes to HIPAA. We want to address what requirements and obligations data centers have when working with clients in the healthcare industry.
First of all, what is HIPAA? The acronym stands for the Health Insurance Portability and Accountability Act of 1996, enacted to protect the health information of patients. When you visit a doctor’s office or the emergency room at your local hospital, all the people seeing your medical history have signed some sheet of paper, promising to keep your information private. This means that, to disclose healthcare information, they must have your permission (or authorization from the proper authorities in cases of child abuse, etc.). HIPAA also covers how physical and electronic data is handled and secured. Healthcare entities must back up their data and have a disaster recovery plan in place. This is where data centers come in.
The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted on February 17, 2009. This Act requires covered entities to disclose breaches in Protected Health Information (PHI). The covered entities and their business associates that “access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured PHI” are required to notify the Department of Health and Human Services of any breaches. The business associates must notify the covered entity of a breach, and the covered entity in turn notifies the individuals involved (patients) and the HHS if more than 500 individuals were affected. From the statement above, data centers like Data Cave would be considered business associates.
The problem is that there is much speculation about what this actually means. Some data centers use HIPAA compliance as a marketing tool. Let me make something clear: there is no certification for HIPAA. A data center can be HIPAA compliant, which is what we at Data Cave consider ourselves. Some pay an outside source to come in, look around, and put their stamp of approval on the facility. For Data Cave, meeting HIPAA compliance means limiting people with access to equipment, including our own staff. This also means notifying the proper channels when someone has been near a healthcare entity’s equipment. Most healthcare companies are going to want to manage their own equipment, which means our staff wouldn’t need to touch it anyway. However, for a data center doing managed services, facility staff would be responsible. In that case the facility would enter into an agreement with the customer to maintain confidentiality. In the event of a breach, whether virtual or physical, a data center would notify the customer (the covered entity) who would, in turn, notify the HHS if applicable.
In other words, no one can claim HIPAA certification. To take it a step further, the essence of a data center is to be secure; so in that case, aren’t we all HIPAA compliant?
To find out more about Data Cave and HIPAA compliance, call us at 866-514-2283 or Contact Us via our website.