What is the ShareFile Cloud for Healthcare?
The ShareFile Cloud for Healthcare is a dedicated, secure storage space within a private cloud where customers who use ShareFile to upload and share protected health information (PHI) have that data processed and stored. This private cloud hosts multiple customers, but it is dedicated for only those customers in industries that process or store PHI, such as healthcare, insurance and financial services. (Other ShareFile customer accounts are hosted within a public cloud, which is a secure cloud storage space that hosts multiple customers in a wide variety of industries.)
Why is ShareFile launching the ShareFile Cloud for Healthcare?
The Omnibus Final Rule to the Health Insurance Portability Accountability Act of 1996 (HIPAA) enhances security requirements for businesses that interact with and transmit PHI. Penalties for noncompliance with these requirements will be enforced as of Sept. 23, 2013. In response to the new rules and to further reduce the risk associated with a breach of PHI, ShareFile has updated its network and security architecture to provide enhanced security for customers who need to protect PHI. Now, ShareFile will place the PHI of all customers who provide us with a signed Business Associate Agreement (BAA) in this special secure enclave dedicated only for PHI.
Does the ShareFile Cloud for Healthcare support HIPAA compliance?
ShareFile has taken steps to comply with the HIPAA Security Rule. ShareFile’s compliance with the HIPAA Security Rule has been assessed by an independent, third-party security consulting firm, Sword & Shield Enterprise Security, Inc. ShareFile also will enter into a BAA with customers that want to upload and share PHI using ShareFile. The features available to customers as part of the ShareFile Cloud for Healthcare will support our customers’ compliance obligations under HIPAA.
Is my account eligible to use the ShareFile Cloud for Healthcare?
If you wish to use your ShareFile account to transmit or store PHI, you are eligible to use the ShareFile Cloud for Healthcare.
Do I need to sign a Business Associate Agreement with ShareFile?
Customers who want to utilize the ShareFile Cloud for Healthcare must sign and return a BAA to us before ShareFile can provision their account in the ShareFile Cloud for Healthcare. Without a signed BAA, ShareFile is not aware that customers are uploading PHI and will not know if they need to safeguard PHI.
ShareFile maintains a BAA for covered entities, such as hospitals, doctors’ offices and health insurance providers, and a BAA for other business associates, such as accounting or consulting firms that work with covered entities. Customers designated as a covered entity under HIPAA must sign the Covered Entity BAA before using ShareFile to process and store PHI. Similarly, customers designated as business associates under HIPAA must sign a Business Associate BAA.
What if I have already signed a Business Associate Agreement with ShareFile?
To reflect the new HIPAA requirements, ShareFile has updated its BAA. As a result, customers who signed a BAA prior to September 2013 will need to sign and resubmit the relevant updated BAA. To do this, please contact your account manager or email support@ShareFile.com.
What if I choose to manage ShareFile storage myself using customer-managed StorageZones?
Customers who choose to use customer-managed StorageZones will not need to execute a BAA with Citrix, as Citrix will not maintain access to the data stored in the StorageZones and the files will not be hosted on Citrix servers. If you plan to use a cloud service (such as Windows Azure) for your customer-managed StorageZones, Citrix recommends that you enter into a BAA with your chosen cloud-service provider.
What are the penalties I might face for not complying with HIPAA?
If customers are found to be in violation, penalties for noncompliance with HIPAA can be stringent. It is our customers’ responsibility to determine their exposure to HIPAA liability. ShareFile cannot provide legal advice to our customers on HIPAA.
What changes will I see in my account if I use the ShareFile Cloud for Healthcare?
You will not see any visible changes to your account when your data moves to the ShareFile Cloud for Healthcare. You will still have the same easy-to-use interfaces that you currently enjoy with ShareFile and the same access to our tools and apps. The only change to your account is that ShareFile will now store your data in a special secure enclave dedicated only for PHI.
How much does it cost to join the ShareFile Cloud for Healthcare?
There is no additional cost to join the ShareFile Cloud for Healthcare.
If you have any additional questions about the ShareFile Cloud for Healthcare or about your individual account, please contact us at 1-800-441-3453 or visit the ShareFile for Healthcare page