Doctor’s Orders: An apple a day plus secure and compliant data center colocation

By: In: Data Centers On: Sep 17, 2014

As we celebrate National Health IT Week, we’re wondering:  is healthcare a privilege or a right? It seems like everyone has a point of view on the issue and it’s become a hotly debated topic. Regardless of your opinion, you cannot debate the importance of quality healthcare. We need dedicated doctors and nurses to provide care to those that are sick or injured. We all rely on our healthcare providers to administer vaccines, prescribe drugs when we are ill and perform lifesaving operations. The healthcare industry is the most significant factor in determining our well-being.

Today our healthcare system is facing increasing pressures that go far beyond simple patient care. Medical Information Systems, Electronic Medical Records (EMRs) and Picture Archiving and Communication System (PACS) are putting an enormous strain on healthcare IT. So along with dedicated doctors and nurses, we must also depend on reliable data centers. And not just any data center, one that will ensure the security and compliance of sensitive patient information.

With the rapid growth of data from EMRs and PACS, most healthcare organizations need more data center capacity. Building a new data center is expensive and could take years to complete. Colocation is a great solution for budget constrained healthcare organizations. With colocation you have the flexibility to scale as you grow and only pay for the capacity you need today. But not just any colocation facility will work –  since healthcare providers  cannot compromise security and compliance.

What should healthcare organizations look for in a data center colocation provider? What questions do you need to ask?


You need to make sure that the security of the colocation facility is robust and enabled through the use of multiple secured areas and man traps that require three-factor security checks: biometrics; access cards; and PIN codes. Be sure that the facility is monitored 24 hours a day, 365 days a year.

The colocation provider needs to go beyond providing “locks on the doors”. You need to be sure that the provider has rigorous security processes and procedures in place. Who can gain access to the data center and what credentials are required? Are background checks required?

You also need to ask about on-site staff and if the provider uses contractors or employees. Are they well trained and do they receive reoccurring training? Does the training include healthcare-specific regulations and compliant processes? Don’t forget to ask if employees are fully vetted and have gone through rigorous background checks.


When it comes to your data center colocation provider, you must fully understand the physical security and controls of the facility. Be sure to ask if they follow HIPAA compliant processes and that all operational procedures are documented and audited on an annual basis. If your colocation provider does not comply with HIPAA standards, you could face significant penalties — as much as $1.5 million per violation.

Once you are comfortable with the physical security of the facility, ask about employee practices. Make sure thatthe colocation provider screens all employees using comprehensive background checks. And they are trained to properly support your industry-specific requirements.

Security and Compliance Matter

As you consider data center colocation to ease information overload, move your data center operation to a facility that is built and operated in accordance with the most stringent regulatory standards.  As you evaluate data center colocation providers, ask about HIPAA compliance.  You need to ensure that any potential colocation provider can meet or exceed industry standards.

Participate in this and all conversations around National Health IT Week at #NHITweek.

← Don't Call me Carnac: The Future of Cloud and Healthcare Delivery HIM and IT: The Odd Couple of Information Governance? →

Leave A Comment


About the author

Carol Genis

Carol Genis is the Senior Product Marketing Manager for Iron Mountain Data Centers. In this role, she is responsible for the communication of integrated solutions that allow our customers to extract more value from their data center deployments. Prior to joining Iron Mountain, Ms. Genis served in similar roles at IBM and Hewlett-Packard. Follow me on Twitter @CGenis