Trusted Advisors: Regulatory Compliance in a Peak 10 Data Center Environment
Middle Tennessee is home to more than three hundred healthcare companies representing over 300,000 jobs and $50 billion in Global Revenues. Regulatory pressures, in the form of industry and governmental mandates, have become an increasing focus of healthcare IT management and executives. Many of our customers are concerned about their regulatory obligations, and it is important that they know Peak 10 is here to help. In general, the burden of regulatory compliance rests with our customers as business owners; however, there are a number of service offerings which can assist customers with this area of their business.
 

Health Insurance Portability and Accountability Act (HIPAA)

Some Peak 10 clients are bound and governed by the Health Insurance Portability and Accountability Act (HIPAA). These customers are commonly referred to as “covered entities” (or Business Associates of Covered Entities). Generally, Peak 10 does not directly control or access the information managed by any covered entity. However, some customers must disclose to, or have Peak 10 use, protected health information (PHI) to provide the contracted services.
 
In those cases where Peak 10 is accessing protected healthcare information, employees are guided by Peak 10’s Protected Health Information Policy.
 
This policy explains the process for approval of HIPAA business agreements and steps necessary to protect against improper disclosure of private health information, and how to respond to its accidental release. Consequently, our customers must consider Peak 10’s services as a part of their overall IT internal control program. 
 

Peak 10 Service Offerings and Compliance

 
Peak 10 service offerings that are often reviewed for regulatory compliance are:
 • Physical Security
 • Logical Security
 • Environmental Security
 • Disaster Recovery
 • Data Storage Services
 
In these areas, it is important to distinguish between the services contracted with Peak 10 and the responsibilities of the customer. The bottom line is that you can’t outsource responsibility, but you can get help by strategically outsourcing components of your business to offset the exposure and costs associated with regulatory compliance. Peak 10’s geo-redundant data centers and service offerings may be an element of the customer’s plan.
 
For example, if a customer is seeking to comply with external logical security standards, the reviewer should not focus on Peak 10’s logical security policies and procedures, but on those services Peak 10 provides, such as firewall management, anti-virus and patch management, that complement the customer’s own logical security program.
 

SAS 70 Report and Compliance

Peak 10’s SAS 70 report can be a valuable resource for companies seeking assurance to support their compliance efforts with various regulatory demands.
 
Peak 10’s SAS 70 audit report is designed to be “SOX-friendly” and closely matches the requirements and expectations of Sarbanes-Oxley auditors. This report also addresses the key areas of Peak 10’s services and can therefore help support any number of other regulatory compliance needs.
 

Peak 10 Internal Governance

Distinct and apart from customer compliance efforts, Peak 10 manages internal operations which are well governed to support the expectations of prospects, customers and their auditors. 
 

Internal and External Audit Programs

Peak 10 has established an internal independent quality assurance and compliance organization to support operational risk management, audit programs, corporate governance, and regulatory compliance. Peak 10 has also engaged an external audit firm to complete annual audits, which are compliant with the AICPA Auditing Standard No. 70 and are modeled around Sarbanes-Oxley requirements.
 

Additional Resources

Additional information regarding HIPAA, PCI and GLBA is available by contacting Peak 10 Nashville at (615) 254-8324. 
 
(Drew Fassett is the Vice President and General Manager for the overall operations of Peak 10 Nashville, the leading independent data center operator and managed services provider. Peak 10 is a managed services company with world-class data centers. It delivers scalable, economical and reliable solutions for hosting and managing complex information technology infrastructure. For more information, please visit www.peak10.com/nashville.)
 
 
Drew Fassett is the Vice President and General Manager for the overall operations of Peak 10 Nashville, the leading independent data center operator and managed services provider. Mr. Fassett is responsible for the fiscal well-being and day-to-day management of the Nashville facilities including operations, engineering, sales and business development.
 
Mr. Fassett joined Peak 10 from IBM where he served as a business executive managing a team of business development executives and partners focused on strategic outsourcing and managed services for the Small and Medium Business (SMB) marketplace. He has more than 14 years of sales, services and sales management experience in the IT industry.
 
Drew received his B.A. from Davidson College.

 
Nashville 1
7100 Commerce Way • Suite 25 • Brentwood, TN 37027
Nashville 2
425 Duke Drive • Suite 400 • Franklin, TN 37067
Phone:
(615) 254-8324 • Fax: (615) 254-8320