If your organization is a covered entity—including health plans, healthcare clearinghouses, and healthcare providers—choosing any vendor requires extra diligence. First of all, your own systems and operations need to comply with HIPAA rules. Secondly, any company that handles or processes protected health information (PHI) for you is designated as a business associate and must enter into a business associate agreement with you. As a result, your vendor evaluation should prioritize security and privacy.
Based in Fountain Valley, California, Socaldata has been hosting email and websites since 1995. There is very little information available online about the company, although according to one directory, Socaldata has 24 employees and annual revenue of $4 million. Socaldata has a lot to say about its "choice of data center" based in Irvine, devoting its About Us page to describing the facility rather than the organization. "This facility boasts fully redundant power with diesel generators for backup, diverse paths and providers for Internet access, and automated, reliable security services," the company notes. "There are six different fiber carriers that terminate to in the facility which is more than any other data center in this region . . . Time Warner Telecom, SBC, Pac Bell, WorldCom, XO Communications, Cox, and ICG all terminate into the data center."
As for service offerings, Socaldata features "reliable business web hosting," with "secure solutions" that include email protection and remote backup, the latter including daily backups to physical tape that are placed in a fireproof safe. Many of the links on the website don't go anywhere. The business location map is broken, as is the live chat feature.
Nonetheless, Socaldata invites you to contact them in order to:
Who wouldn't want to do those things?
The word secure appears four times on the Socaldata home page, plus the aforementioned secure solutions page. Across the relatively sparse Socaldata website, here are the security services and features described:
It's not clear if Socaldata's file encryption extends to email encryption, or whether TLS is employed. Similarly, its "business protection services" suggest some form of data loss prevention (DLP) and email spam filtering, but no details are provided.
There is no mention of HIPAA on the Socaldata website. The website also lacks references to any other industry standards (like HITRUST) or regulations (like GDPR). The lack of available information about and from the company in general (the company posted to Twitter twice in 2010 and not a peep since) leaves us quite confident that Socaldata is not a HIPAA compliant technology vendor.
Performing due diligence is an important part of evaluating any vendor, and conducting searches online is only part of the process of building a complete picture of a company's strengths and weaknesses. Considering the substantial amount of information that's readily provided by most website hosting companies and email providers, however, it's easy to rule out candidates that are veritable mysteries.