We are a healthcare company that handles PHI (Personal Health Information) and we need to be HIPAA secure. We have an EHR and our own software that will be hosted in a HIPAA secure server, etc. But we are looking for a good cloud hosted (inexpensive) CRM for screening new potential participants before getting them officially into the EHR system once they sign up. Would love your thoughts...
Take a look at Dynamics on Azure. Azure has a section that is HIPAA compliant (frankly that's why we opted for Azure as our platform - and you might consider that for your server environment as well in the future). Essentially MSFT simply requires a "Business Agreement" around the PHI to be stored and then your components are stored in the HIPAA compliant portions of Azure.
Senior Java Software Engineer at Direct Commerce
April 14th, 2015
For our needs, we simply have our application encrypt/decrypt on the fly so that all PII is encrypted at rest on the disk. So if a malicious person were to steal a snapshot of the entire database, it'd be useless without the encryption key - which is not available to be read on any file system.
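The application-side encrypt/decrypt described in the post above, sketched as an added example (not the poster's code): each PII value is sealed before it reaches the database and opened only in process memory. The choice of AES-256-GCM, the function names, the record ID used as associated data and the in-process demo key are assumptions; the post names none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewFieldCipher builds AES-256-GCM from a 32-byte key held only in process memory.
func NewFieldCipher(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField returns nonce||ciphertext for one PII column value. recordID is bound as
// associated data, so a value copied into another row fails authentication on read.
func EncryptField(c cipher.AEAD, recordID, plaintext string) ([]byte, error) {
	nonce := make([]byte, c.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.Seal(nonce, nonce, []byte(plaintext), []byte(recordID)), nil
}

// DecryptField reverses EncryptField; a wrong key, wrong row or modified bytes returns an error.
func DecryptField(c cipher.AEAD, recordID string, stored []byte) (string, error) {
	n := c.NonceSize()
	if len(stored) < n {
		return "", errors.New("stored value too short")
	}
	pt, err := c.Open(nil, stored[:n], stored[n:], []byte(recordID))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed demo key; assumed to come from a secret store at startup
	rand.Read(key)
	c, _ := NewFieldCipher(key)
	row, _ := EncryptField(c, "participant-1001", "Jane Doe, 1980-01-01") // constructed sample PII
	fmt.Printf("bytes on disk: %x\n", row)
	fmt.Println(DecryptField(c, "participant-1001", row))
}
```

A database snapshot then contains only the nonce, ciphertext and authentication tag for each protected column, and decryption fails without the key.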