IT Compliance Advisor

Sep 14 2010   3:08PM GMT

Compliance and hosted services an uneasy fit for small companies

Frank Ohlhorst

For many small companies, compliance has become an expensive burden, forcing them to turn to hosted services. But the concept of shifting the compliance burden to a third party is not as easy as it seems.

This is particularly true when it involves HIPAA compliance. So many small companies, such as clinics and single practitioner offices, are forced to meet the same stringent requirements as much larger organizations.

There is a critical difference that separates the two. Larger organizations have IT departments, staff and budgets to meet these stringent requirements, and small companies do not. That makes smaller offices ideal candidates for hosted services and storage, but that still doesn’t eliminate the burden of compliance.

Ultimately, small company operators remain wholly responsible for their data and how that data meets compliance regulations. This means small business operators must vet their hosted services providers to make sure they are not the weak link in their compliance strategy.

Luckily, many businesses providing hosted services are becoming certified for compliance. Take Egnyte, a small hosted file server/hosted storage vendor offering HIPAA compliance services to its customers. To achieve compliance certification, Egnyte had to go through third-party auditing and deploy technologies that keep data compliant.

For example, Egnyte has to encrypt data at rest and in motion. What’s more, the company had to implement a solid disaster recovery plan that protects against data loss, as well as one for backing up data locally and at an alternate site. Comprehensive logging and user logon security is another area that Egnyte had to address to meet compliance needs. All of those elements together (and some not mentioned) are how Egnyte achieved compliance certification.

However, if a business with HIPAA requirements chooses Egnyte for file storage or other services, that business will not automatically become compliant. Why? Because consideration must be given to what happens to the data on-site, how that data is stored, who has access to it, who audits the data, and how it is protected. For instance, is the data encrypted? Can it be copied without being logged?

The moral of the story is that no matter what services are used, a business is ultimately responsible for its own compliance needs. Still, companies like Egnyte can reduce the burden of compliance by providing valuable services including backup, off-site storage, disaster recovery and a whole range of other services that protect data while ensuring compliance.

Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.
