 HIPAAdvisory > HIPAAtech Phoenix Health Systems

Application Service Providers

An Application Service Provider (ASP) provides remote access to applications, typically over the Internet. ASPs are used when an organization finds it more cost effective to have someone else host its applications than to host them itself. The ASP provides the "backend" hardware and software. An ASP can provide an application as simple as web-based e-mail or as complex as a multi-entity patient scheduling system. Most charge a monthly or yearly subscription fee.

An ASP has the potential to cut the healthcare user's capital expenditures. Additionally, the ASP is responsible for upgrading and maintaining the software. Using ASPs can give an organization predictable costs to budget for while reducing the risk of big capital investments in new software licenses and hardware.


Emerging ASP Model Targets Health Records by Heather Havenstein, Computerworld, May 9, 2005
Several large groups of physicians are gearing up to offer smaller medical practices access to the electronic medical record (EMR) software they use, via an application service provider type of model.

HIPAAdvisor #16: Q & A with Steve Fox: Partnering with an ASP

Choosing an ASP? Think Security First.
Risk levels for customers’ data increase as outsourcing becomes all the rage. Includes questions to ask a potential ASP.

Security issues at forefront of ASP deployments by Paul Krill, InfoWorld Daily News, May 22, 2001
Enterprises looking to farm out applications to an ASP (application service provider) need to look at security issues such as SLAs (service-level agreements), policies, and independent audits, panelists said at an ITAA meeting, "Enhancing app delivery through ASP partnerships," held in Santa Clara, California on Tuesday.

The issue of HIPAA and its medical data privacy rules is a concern, panelists said. Kathy Kriese, senior product manager for cryptography and digital certificate management products at RSA Security, said, "As for HIPAA, we are starting to see more customers come to us and ask, 'How can we comply with HIPAA?'" Willy Leichter, product marketing manager for authentication access control products at Secure Computing, stated security and privacy can go hand in hand but also can be contradictory. There are a lot of misconceptions about what is required by HIPAA, and a big issue is whether there will be liability for health care executives.

Security issues the panelists addressed:

  • Prospective ASP customers need to ask what the ASP's security policies are and inquire about scalability of an ASP's security system.
  • ASPs should have multiple layers of security and have had a third-party, independent audit from someone who knows what they're doing.
  • Customers should ask whether the ASP handled a single-purpose monolithic user or different types of users.
  • Users should ask about risk thresholds and current users.
  • In multiple shared-server environments at ASPs, a trusted OS can be a solution. "Trusted OSes give you more security with people sharing the same box than you can have with firewalls," said the panel's moderator, Paul McNabb, senior vice president and CTO at Argus Systems Group.
