Virtustream, a cloud hosting provider headquartered in Washington, D.C. with offices in San Francisco, Atlanta, London, Geneva, Dubai, Lithuania and Pune, has announced that its Infrastructure-as-a-Service (IaaS) cloud offering is now HIPAA compliant, meeting the federal standards for privacy, security and breach notification in the handling and storing of healthcare records.
Virtustream’s HIPAA compliance is formalized through a third-party audit. The certification validates that Virtustream can ensure the confidentiality, integrity and availability of critical assets and information to its healthcare industry customers. The audit is available under NDA in its entirety, as Virtustream offers all third-party audit details to its clients.
Virtustream has also established the Virtustream “HIPAA RACI Responsibility Program” to empower its customers to better understand, define and agree to co-managed responsibilities and accountability to ensure that all controls are in place and comply with the law.
“A number of our clients are hosting or intend to host employee or customer healthcare data in the cloud, and the security of highly sensitive information like patient records cannot be vulnerable,” said Pete Nicoletti, chief information security officer (CIO), Virtustream. “Healthcare enterprises and other clients with HR and medical records can confidently select our services knowing that we have the proper controls in place to safeguard their information.”
Virtustream owns data centers in the U.S. and Europe with service provider partner data centers in Latin America, the Middle East and Asia. The cloud hosting provider, delivering private, public and hybrid cloud solutions, does also comply with PCI, FISMA, ISO 27000, SSAE and SOX standards.