QB in the Cloud: Is it HIPAA compliant?

September 9th, 2019

There are several vendors to choose from when you decide to host your QuickBooks application in the cloud.

But how many of them are HIPAA-compliant?

If you’re a vendor that provides services to a healthcare client — or you’re a healthcare provider yourself — then you need assurances that any applications with potential Protected Health Information (PHI) are HIPAA compliant.

Many vendors actually have protocols in place to make the application technically compliant. But if they aren’t willing to sign a Business Associate Agreement (BAA) for you, then caveat emptor (let the buyer beware).

Ask these three critical questions before you buy:

  • Has the hosting provider had their yearly HIPAA audit? — Be sure that the provider has undergone the required yearly data center and infrastructure audits complying with the current HIPAA standards. These audits will help ensure that the provider you choose is dedicated to privacy and is indeed HIPAA Compliant. Can they provide you with a summary document?
  • Do you trust the Cloud Storage Provider? — When choosing the Cloud Storage Provider that is right for you, trust is crucial. If you don’t trust the provider, how can you be confident that they are taking care of all of your sensitive data? We recommend doing your homework. Make sure they are genuinely interested in protecting your critical data and that they’re as invested in this process as you are.
  • Is there a BAA in their contract? — Be sure that the Cloud Storage Provider’s contract includes a Business Associate Agreement. A written contract should include everything in this sample agreement.


VSystems Hosted QuickBooks is HIPAA compliant

VSystems’ hosting solution for QuickBooks — VS QB Virtual Desktop — is proudly HIPAA compliant.

All data is stored on centrally located servers, instead of on local desktops or devices. Servers are located in highly-protected data centers, secured with monitored alarm systems, card access, and state-of-the-art temperature and humidity controls. We never share network traffic. All client data is transmitted in its own secure virtual network.

Our technical product architecture and security protocols are audited annually. And our staff is specially trained to identify and resolve potentially non-compliant issues.

But don’t just ask us, ask our auditors. Here’s what they had to say:

The Audit & Assessment finds the overall safety and soundness of the Virtual System’s IT infrastructure to be intact:

  • Executives and management have adopted and implemented adequate policies and procedures;
  • Executives, management, staff, and vendors properly identify, measure, monitor, and control existing and potential risks;
  • Management, staff and vendors have sufficient expertise to adequately plan, direct, and control operations; controls and safeguards for NPI, PHI, CI, and organization information and assets have been adequately implemented;
  • The organization conducts appropriate notification following a breach of unsecured NPI, PHI, and CI; and,
  • The organization is in substantial compliance with applicable industry standards and federal oversight rules and regulations.

If you’re considering moving your QuickBooks to the cloud, don’t leave yourself exposed. VSystems will gladly sign a BAA for you.
