As part of the requirements of the HIPAA policies and procedures, data centers with servers that contain ePHI data must be physically secured properly. Information Security must be notified of these servers and their location. The location of the server (generally a server room / data center) must be audited yearly for compliance.