Administrative Safeguards for GPU Resources:
As with all HIPAA legislation, compliance requires a team effort from Atlantic.Net and the Healthcare
Organization we are onboarding. Our expert teams will work alongside you to introduce the core
administrative requirements. Such requirements must be met by Atlantic.Net and our clients.
Risk Analysis and Management:
Providers need to conduct a comprehensive risk assessment tailored to GPU-intensive operations prior
to embarking on any task containing ePHI. These assessments should address potential vulnerabilities
associated with processing large datasets and deploying machine learning and deep learning models.
There are strict rules protecting PHI, so all datasets must be used correctly and within the scope of
compliance. This may require individual processing or data obfuscation.
The risk assessment must act as a baseline, and robust risk management policies must be implemented
to mitigate identified risks, ensuring security, scalability and compliance.
Business Associate Agreements (BAA):
A critical component is the establishment of Business Associate Agreements (BAA) with all entities
involved in processing ePHI, including any third-party software or public cloud service providers
supporting GPU resources. Atlantic.Net is ready to sign a BAA with your Healthcare organization
today.
Workforce Training and Management:
Training is one of the most important areas of HIPAA compliance. Comprehensive HIPAA training must be
provided to all personnel, including data scientists and engineers, who have access to ePHI on GPU
servers. These personnel must understand the rules and regulations for handling sensitive data.
Training, combined with strict access control policies, should be enforced throughout your IT
environments, limiting users' access to only the necessary ePHI.
Policies and Procedures:
Detailed documentation of all HIPAA-related policies and procedures, specifically addressing GPU
usage, must be maintained. This helps to ensure HIPAA compliance.
Physical Safeguards in Data Centers:
Data Center Security:
One of the great benefits of outsourcing to a HIPAA Compliant GPU Hosting provider is that you
offload the complexities of running a heavily audited data center location. All Atlantic.Net
facilities in the United States offer our HIPAA Compliant Service. Most will offer GPU services with
more coming online shortly.
Atlantic.Net data center facilities hosting GPU resources implement robust physical security
policies, including biometric access control, 24/7 surveillance, and environmental monitoring. We
maintain a secure data center environment with rigorous access procedures to prevent unauthorized
access.
Need bare metal servers or dedicated server options? Atlantic.Net data centers provide this and it
includes our GPU service offering as well!
Hardware Security:
Atlantic.Net implements physical security measures to protect GPU hardware from tampering or
unauthorized removal. All server cages are locked, and we have multiple layers of security at the
software and physical layer to prevent unauthorized access.
Secure data erasure protocols are in place for all storage devices containing ePHI.
Technical Safeguards for GPU Environments:
Access Control:
All Atlantic.Net healthcare GPU hosting meets full HIPAA Compliance for Access Controls. All our
employees are vetted for secure access and we can help you implement role-based access control
(RBAC) to restrict your users' access to ePHI based on their job functions.
All hosting solutions include strong authentication mechanisms, including multi-factor
authentication, and permission sets that follow the principle of least privilege.
Audit Controls:
Auditing GPU hosting is a critical part of HIPAA regulations. We provide comprehensive audit logs
that track all access to ePHI on GPU servers. Logging is essential, and we have the tools to
understand large datasets at scale, offering industry-standard audit controls.
We undertake regular reviews of audit logs, which is essential for detecting and investigating
security incidents from our Intrusion Protection Systems. We implement automated controls plus a
support team that responds to unexpected alerts.
Integrity Controls:
Atlantic.Net HIPAA GPU Hosting includes data integrity controls managed by our SIEM platform. These
controls continuously monitor and alert when unexpected alterations or deletions of ePHI occur.
Further protections include real-time File Integrity Monitoring (FIM) of critical files, database
integrity checks via checksums and transaction logs, and rigorous data validation.
Our systems perform continuous log analysis and network monitoring, triggering immediate alerts and a
defined incident response plan upon detecting unauthorized alterations. Detailed audit trails are
maintained, and regular security assessments ensure ongoing compliance with HIPAA integrity
standards, providing the best protection against data corruption and manipulation.
Transmission Security:
Atlantic.Net ensures ePHI transmission security through GPU data encryption, both within the data
center and across external networks. Any workload being processed is encrypted to meet HIPAA
requirements.
When combined with our comprehensive network security measures, our GPU customers get access to our
secure ecosystem designed to prevent unauthorized access and safeguard data during transit. This
includes encryption protocols, secure network configurations, and continuous monitoring to maintain
the confidentiality and integrity of ePHI during all transmission activities.
Encryption:
Atlantic.Net's HIPAA GPU Hosting uses multi-layered encryption to secure ePHI at rest. This includes
Full Disk Encryption (FDE) with AES-256 for all GPU server storage, optional encrypted file systems,
and hardware-based memory encryption where applicable.
Secure key management is provided by Key Encryption Keys (KEKs), regular key rotation, and Hardware
Security Modules (HSMs) or KMS integration. Additionally, logical data partitioning isolates ePHI,
and application-level encryption can be used for specific workloads, ensuring comprehensive
protection.
To maintain compliance, rigorous key management practices are enforced, including secure generation,
storage, and rotation of encryption keys. Audits of encryption configurations and key management
are conducted at least twice a year. This approach ensures that ePHI on GPU servers and
storage devices remains protected against unauthorized access.
Disaster Recovery and Backup:
Atlantic.Net's HIPAA GPU hosting platform provides reliable backup and disaster recovery options to
safeguard your critical data and ensure business continuity. We offer secure off-site backups for
your GPU server data and configurations, scheduled to meet your specific needs and align with HIPAA
retention policies.
Backups provide a reliable safeguard against data loss, though restore times may vary. For
organizations requiring minimal downtime, we offer replication for enhanced availability, creating
copies of your data in a secondary location. While replication offers faster recovery, failover may
require manual intervention and may still involve some restore time.
Regardless of whether you choose off-site backups or replication, Atlantic.Net prioritizes data
integrity and security. All backups and replicated data are encrypted, and robust validation
procedures ensure data accuracy.
Software and Application Security:
To exceed HIPAA requirements, Atlantic.Net maintains all software and applications with the latest
security patches and updates, minimizing vulnerabilities. Intrusion detection and prevention systems
(IDPS) are deployed to continuously monitor for and block malicious activity, safeguarding against
unauthorized access and data breaches.
We conduct regular vulnerability scanning and penetration testing to proactively identify and address
potential security weaknesses, while secure coding practices are enforced for custom
applications.
Network Security:
Strong network security is needed to protect the HIPAA Platform. We do this by deploying stateful
firewalls (WAF) to control network traffic and prevent unauthorized access. We implement secure
network configurations, including virtual private networks (VPNs) and network segmentation to
isolate ePHI and restrict access to authorized users.