rofl, shit is bananas
$40/month for SSL Certificates? ROFL
Vulnerability Monitoring - $150/month
Regularly scan up to 10 IPs to identify, prioritize, and remediate more than 5,000 vulnerabilities to help ensure your visitors are protected from data theft, credit card fraud, and much more.
Two-Factor Authentication $25/month per user account *
Total: $675
complaint? or compliant? swap the letters, two very different meanings.
What's required to be compliant? Those prices are ridiculous.
HIPAA can’t be that stringent if they’re offering a virtual server using shared storage…
PCI DSS has technical requirements of using dedicated hardware for each role (e.g. back-end database server with no internet access, hardware firewall etc) as well as regular security scans, process audits… I’d be surprised if someone that was PCI compliant wasn’t HIPAA.
Those req’s are if you are storing actual card numbers. If you have a pass through gateway, the requirements are much much less.
Yes definitely, I was referring to the requirements PCI DSS SAQ D - which is the highest level as far as I’m aware; but this quote for HIPAA compliant hosting seems ridiculous in comparison to even the technical requirements of that.
Yeah, I definitely agree, which is why I am wondering what the compliance req’s are for HIPAA. They can’t be too hard to meet.
Hmmm thanks for the feedback. HIPAA, like most laws, is more geared to CYA than anything. I think my current host has some options for HIPAA resources - I just find this quote to be insane
Amazon has a white paper on HIPAA:
not sure what the prices are for your requirements.
Being HIPAA compliant does not mean that an entity would be PCI DSS compliant and vice versa. These are two different standards with a similar goal in mind: protection of sensitive information (ePHI vs credit/debit cards). PCI is applicable for any process that stores, processes, or transmits cardholder data while the reverse is true for ePHI data.
It would help you to better define what you are looking for and what the roles/responsibilities for protecting the data are. What are your business processes surrounding the protection of the data? Are you looking to offload hosting and/or management of systems to ABC hosting provider, or will they function in more of an application service provider role (very different)?
~Karl