CenturyLink achieves HIPAA compliance for your data through strict adherence to required guidelines, policies and procedures. These efforts include multiple firewalls and non-ePHI VMs as well as encryption and key management.
Covered entities and their business associates that are required to comply with the U.S. Health Insurance Portability and Accountability Act (HIPAA) can leverage CenturyLink to process, maintain and store individually identifiable health information or protected health information (PHI). With the required controls in-place in the customer environment (data encryption, access restrictions, etc.). CenturyLink will sign a Business Associate Agreement (BAA) that can be leveraged as part of the customer's overall compliance program. If the protected data is encrypted and if the CenturyLink staff does not have access to it, a customer is not obligated to arrange a BAA to be in compliance with HIPAA.
Dedicated managed firewall service with intrusion detection & prevention
Data protect encrypted backup service
Managed active directory service with custom rules
Vormetric encryption and key management
Managed vpn with two-factor authentication
Managed threat management security scanning and penetration testing
Integrity monitoring (Tripwire)
Managed intrusion detection & prevention (IDS/IPS)
Custom storage array (SAN)
The CenturyLink Products and Services illustrated in this document are guidelines for implementing a HIPAA compliant solution using Dedicated Cloud. Attaining overall HIPAA compliance remains the responsibility of the Customer.