Compliance and Hosted Services an Uneasy Fit for Small Companies

by Frank Ohlhorst
For many small companies, compliance has become an expensive burden, forcing them to turn to hosted services. But the concept of shifting the compliance burden to a third party is not as easy as it seems.
This is particularly true when it involves HIPAA compliance. So many small companies, such as clinics and single practitioner offices, are forced to meet the same stringent requirements as much larger organizations.
There is a critical difference that separates the two. Larger organizations have IT departments, staff and budgets to meet these stringent requirements, and small companies do not. That makes smaller offices ideal candidates for hosted services and storage, but that still doesn’t eliminate the burden of compliance.
Ultimately, small company operators remain wholly responsible for their data and how that data meets compliance regulations. This means small business operators must vet their hosted services providers to make sure they are not the weak link in their compliance strategy.
Luckily, many businesses providing hosted services are becoming certified for compliance. Take Egnyte, a small hosted file server/hosted storage vendor offering HIPAA compliance services to its customers. To achieve compliance certification, Egnyte had to go through third-party auditing and deploy technologies that keep data compliant.
For example, Egnyte has to encrypt data at rest and in motion. What’s more, the company had to implement a solid disaster recovery plan that protects against data loss, as well as one for backing up data locally and at an alternate site. Comprehensive logging and user logon security are another area that Egnyte had to address to meet compliance needs. All those elements together (and some not mentioned) are how Egnyte achieved compliance certification.
However, if a business with HIPAA requirements chooses Egnyte for file storage or other services, that business will not automatically become compliant. Why? Because consideration must be given to what happens to the data on-site, how that data is stored, who has access to it, who audits the data, and how it is protected. For instance, is the data encrypted? Can it be copied without being logged?
The moral of the story is that no matter what services are used, a business is ultimately responsible for its own compliance needs. Still, companies like Egnyte can reduce the burden of compliance by providing valuable services including backup, off-site storage, disaster recovery and a whole range of other services that protect data, while ensuring compliance.