Frequently asked questions
What is the ShareFile Cloud for Healthcare?
The ShareFile Cloud for Healthcare is a dedicated, secure storage space within a private cloud where customers who use ShareFile to upload and share protected health information (PHI) have that data processed and stored.
This private cloud hosts multiple customers, but it is dedicated for only those customers in industries that process or store PHI, such as healthcare, insurance and financial services. (Other ShareFile customer accounts are hosted within a public cloud, which is a secure cloud storage space that hosts multiple customers in a wide variety of industries.)
The Omnibus Final Rule to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) enhanced security requirements for businesses that interact with and transmit PHI. Penalties for noncompliance with these requirements began on Sept. 23, 2013. In response to the new rules and to further reduce the risk associated with a breach of PHI, ShareFile updated its network and security architecture to provide enhanced security for customers who need to protect PHI. ShareFile places the PHI of all customers who enter into a Business Associate Agreement (BAA) in this special secure enclave dedicated only for PHI.
ShareFile’s compliance with the HIPAA Security Rule has been assessed by an independent, third-party security consulting firm, Sword & Shield Enterprise Security, Inc. ShareFile also will enter into a BAA with customers that want to upload and share PHI using ShareFile. The features available to customers as part of the ShareFile Cloud for Healthcare will support our customers’ compliance obligations under HIPAA.
If you wish to use your ShareFile account to transmit or store PHI, you are eligible to use the ShareFile Cloud for Healthcare.
Customers who want to utilize the ShareFile Cloud for Healthcare must enter into a BAA before ShareFile can provision their account in the ShareFile Cloud for Healthcare. Without a signed BAA, ShareFile is not aware that customers are uploading PHI and will not know if they need to safeguard PHI.
ShareFile maintains a BAA for covered entities, such as hospitals, doctors’ offices and health insurance providers, and a BAA for other business associates, such as accounting or consulting firms that work with covered entities. Customers designated as a covered entity under HIPAA must sign the Covered Entity BAA before using ShareFile to process and store PHI. Similarly, customers designated as business associates under HIPAA must sign a Business Associate BAA.
Customers who choose to use customer-managed StorageZones will not need to execute a BAA with Citrix, as Citrix will not maintain access to the data stored in the StorageZones and the files will not be hosted on Citrix servers. If you plan to use a cloud service (such as Windows Azure) for your customer-managed StorageZones, Citrix recommends that you enter into a BAA with your chosen cloud-service provider.
If customers are found to be in violation, penalties for noncompliance with HIPAA can be stringent. It is our customers’ responsibility to determine their exposure to HIPAA liability. ShareFile cannot provide legal advice to our customers on HIPAA.
You will not see any visible changes to your account when your data moves to the ShareFile Cloud for Healthcare. You will still have the same easy-to-use interfaces that you currently enjoy with ShareFile and the same access to our tools and apps. The only change to your account is that ShareFile will now store your data in a special secure enclave dedicated only for PHI.
There is no additional cost to join the ShareFile Cloud for Healthcare.