
Is There HIPAA Compliant Cloud Storage?

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was passed, requiring restrictive measures for the safe handling of protected health information (PHI).

The result of these confidentiality measures has been a mad scramble for cloud-based storage that supports HIPAA compliance. The reality is that HIPAA compliance ultimately falls on you, not on any software program. That being said, it helps to rely on a cloud storage provider that makes it easy to demonstrate best practices for supporting HIPAA compliance.

Cloud storage that supports HIPAA compliance

HIPAA compliant file sharing involves the secure storage and transfer of private information. Consequences for a breach of compliance can include hefty fines and even jail time. According to an article published by the U.S. Department of Health and Human Services about Health Information Privacy:

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.

Citrix ShareFile is a cloud storage software program that takes extra measures to help healthcare professionals support their HIPAA compliance. ShareFile for Healthcare is a storage enclave that adds an extra layer of security, making it easier to support HIPAA compliance.

Since more than 60 percent of HIPAA violations result from lost or stolen devices, being able to remotely wipe or lock company devices is a must for those that house sensitive data. ShareFile enables users to quickly lock and wipe lost or stolen devices from anywhere to protect stored data. But don't worry—wiped data is only wiped from that specific device and is backed up to multiple secure locations, so you will still have access to the data after the remote wipe takes place. In fact, all data is regularly backed up to multiple server locations and guarded against loss with hurricane-rated roofs and cage-locked servers.

Another common cause of HIPAA violations is weak data encryption. ShareFile protects data with AES 256-bit encryption, the same encryption standard used for top secret files of the U.S. government.

Additional ShareFile features that support HIPAA compliance include:

  • Session timeouts. You are automatically logged out of your ShareFile account after a period of inactivity.
  • Integrity monitoring. Algorithms can verify the integrity of files during upload and download.
  • Password protection. Our already secure password parameters can be configured to meet the preferences of your practice and are compatible with several identity management tools. According to Tech Target, "Identity access management (IAM) can be used to initiate, capture, record and manage their identities and their related access permissions in an automated fashion. This ensures that access privileges are granted according to one interpretation of policy and all individuals and services are properly authenticated, authorized and audited."
  • Firewalls. Securely configured firewalls protect files and limit access to network segments.
  • Multi-factor authentication. Confidential documents require more than a single username and password to access. Our authentication process supports two-step authentication methods including token-based authentication and backup codes.
  • Account lockout. Account lockout helps prevent account tampering by locking your account after five invalid login attempts. By default, your account will be locked for five minutes, but these preferences can be customized to meet individual preferences or compliance requirements.

These are just a few examples of how ShareFile makes it easy to support HIPAA compliance with its cloud storage. Check out this white paper to see the full parameters of how we help support our customers in compliance. If requested, we will even sign a HIPAA Business Associate Agreement for you.

Start a free 30-day trial of ShareFile today and help make your cloud storage support HIPAA compliance.
