As with others who deal with credit card information, PayPal requires QualSight to comply with the Payment Card Industry (PCI) standard. With 800 practices, QualSight could have implemented its own virtual private network (VPN). Instead, QualSight is using a cloud-based, HIPAA-compliant VPN and database server to securely serve transactions through the cloud. And rather than going with the usual Oracle or MySQL database, QualSight uses open-source PostgreSQL.
The key to making all this work, apparently, is to find just the right cloud hosting vendor, which in QualSight's case is FireHost. "We've been with FireHost for probably a year and a half by now, and I've been very happy," says Carlos Navarro, manager of IT at QualSight.
In January 2010, QualSight was running its own instance of the database from its offices. Such on-premises operation is another assumption of many healthcare providers today.
Then came the hackers.
"Nobody was here in the office," Navarro says. "There was an attempt to hack us from China. We determined that later, there were 15,000 attempts, and they successfully did penetrate. However, no damage was done."
[Editor's note: The hacking attempts did not actually penetrate or compromise QualSight's network in any way.]