I spoke with Peter Davis, Partner Channel Manager in the Southeast for XO, about MPLS and HIPAA. XO recently held a webinar describing how their MPLS Solution can enable healthcare organizations to be HIPAA compliant.
The wording here is important. Transport is neither compliant nor non-compliant. It is the end devices and users that must be HIPAA compliant. In other words, how the data is handled end-to-end has to be compliant, not the pieces and parts.
When speaking with Hospital HIPAA Administrators it is important to remember that part of compliance is security and part is procedure. The procedure part has to do with how all medical records (physical and virtual) are handled and secured, whether on-premise, in transit, at a data center, on a server or in a file cabinet.
With off-site data storage, the best solution for access is a private line, a Layer 2 VPN, or an MPLS network. Why? Segmentation of traffic. Security of data flow. Less chance for a lapse in security.
The data needs to be securely stored and backed up. EMR firms have to sell a fairly expensive proposition due to all the safeguards and redundancy that go with accessing medical records from a remote server.
In many ways, the telecom agent can sell numerous pieces of the puzzle through XO (or other carriers or VARs).
- The transport - private line, metro Ethernet, Layer 2 VPN, or MPLS.
- The data center - colocation for servers and networking gear
- Data storage and backup
HIPAA is more involved with procedures in place (and to be followed) on the storage, access and security of medical records than on the technology used to secure, store or transport those same medical records.
If you are looking for more info on MPLS, XO has an MPLS video series on YouTube and TCA has a stored webinar for its members on its website.