QB in the Cloud: Is It HIPAA Compliant?

June 7th, 2016

There are several vendors to choose from when selecting a host for your QuickBooks application.

But how many of them are HIPAA-compliant?

If you’re a vendor that provides services to a healthcare client — or you’re a healthcare provider yourself — then you need assurances that any applications with potential Protected Health Information (PHI) are HIPAA compliant.

While many vendors actually have protocols in place to make the application technically compliant, they aren’t willing to sign a Business Associate Agreement (BAA) for you.

Before you buy, be sure to ask these three critical questions:

  1. Has the hosting provider had its yearly HIPAA audit? Find out if the provider has undergone the required yearly data center and infrastructure audits to comply with the current HIPAA standards. These audits help ensure that the provider you choose is dedicated to privacy—and is indeed HIPAA Compliant. Ask to see if they’re able to provide a summary document.
  2. Do you trust the Cloud Storage Provider? When choosing the Cloud Storage Provider that is right for you, trust is crucial. If you don’t trust the provider, how can you be confident that they are taking care of all of your sensitive data? We recommend doing your homework. Make sure they are genuinely interested in protecting your critical data and that they’re as invested in this process as you are.
  3. Is there a BAA in their contract? Be sure that the Cloud Storage Provider’s contract includes a Business Associate Agreement. A written contract should include everything in this sample agreement.

Virtual Systems’ Hosted QuickBooks is HIPAA compliant

At Virtual Systems, our hosting solution for QuickBooks, VS QB Virtual Desktop, is proudly HIPAA compliant.

All data is stored on centrally located servers, instead of on local desktops or devices. Servers are located in highly-protected data centers, secured with monitored alarm systems, card access, and state-of-the-art temperature and humidity controls. We never share network traffic and all client data is transmitted in its own secure virtual network.

Additionally, our technical product architecture and security protocols are audited annually. Our staff is specially trained to identify and resolve potentially non-compliant issues. But don’t just ask us, ask our auditors. Here’s what they had to say: “The Audit & Assessment finds the overall safety and soundness of the Virtual System’s IT infrastructure to be intact.”

Here are the specifics:

  • Executives and management have adopted and implemented adequate policies and procedures
  • Executives, management, staff, and vendors properly identify, measure, monitor, and control existing and potential risks
  • Management, staff, and vendors have sufficient expertise to adequately plan, direct, and control operations; controls and safeguards for NPI, PHI, CI, and organization information and assets have been adequately implemented
  • The organization conducts appropriate notification following a breach of unsecured NPI, PHI, and CI
  • The organization is in substantial compliance with applicable industry standards and federal oversight rules and regulations

If you’re considering moving your QuickBooks to the cloud, don’t leave yourself exposed. Virtual Systems will gladly sign a BAA for you so you know you’re compliant, and your data is always secure.
