Best HIPAA Compliant Cloud Storage


Before we start figuring out which is the best HIPAA compliant cloud storage, let us learn a thing or two about it.

HIPAA, the Health Insurance Portability and Accountability Act, is a US federal law whose Privacy and Security Rules set the standard that businesses, and the cloud services they use, must follow when they hold protected health information (PHI). Covered entities (health care providers, health plans and clearinghouses) and the business associates that create, receive, store or transmit PHI on their behalf must all operate in a HIPAA compliant environment.


What Are The Responsibilities Of A Cloud Service Provider?


A cloud service provider that stores PHI is a business associate and must meet the requirements of the HIPAA Security Rule. In practice that means:

  • All data must be encrypted in transit and at rest on the servers. Strictly speaking, encryption is an “addressable” specification in the Security Rule rather than an absolute mandate, but it is the expected control, and PHI encrypted according to HHS guidance does not count as “unsecured PHI”, so losing an encrypted disk or laptop does not trigger breach notification.
  • The cloud service provider must implement security and privacy policies that ensure all PHI (protected health information) is handled in accordance with HIPAA.
  • Physical access to the data centre must be restricted.
  • Disaster recovery: the cloud service provider must ensure that all data survives hardware failure or a site outage. That is achieved with redundancy and backups; the Security Rule explicitly requires a data backup plan, a disaster recovery plan and an emergency mode operation plan.
  • Supervision and appropriate training of data centre personnel and of the company’s own employees.

What Are The Responsibilities Of The Covered Entity?


The cloud service provider isn’t the only party responsible for keeping PHI secure. The business owner, i.e. the covered entity, must also follow the guidelines:

  • The covered entity must sign a HIPAA BAA (Business Associate Agreement) with the provider before it uploads any PHI to the cloud.
  • It must make sure that every device that can access the PHI is protected accordingly: disk encryption, screen lock, timely patching and the ability to wipe a lost device.
  • Protecting the login information for the cloud service: a unique account for each employee (shared logins defeat HIPAA’s audit-trail requirement), strong passwords and multi-factor authentication where the provider offers it.
  • Implementation and enforcement of policies that describe how employees should handle the PHI.

What Is A HIPAA BAA?


A HIPAA BAA (Business Associate Agreement) is a contract that both parties sign before any PHI changes hands.

Signing it makes the cloud provider a business associate with its own legal liability under HIPAA (the covered entity remains responsible for its side), and exposes the provider to investigation and audit by the US Department of Health and Human Services’ Office for Civil Rights (OCR). OCR audits a sample of covered entities and business associates and investigates every reported breach and complaint; it does not audit every organisation every year.

The document covers definitions, the obligations of both parties, permitted uses and disclosures of PHI, breach reporting, termination, and the return or destruction of PHI when the contract ends.


The Consequences Of A Data Breach

A cloud service provider can’t simply declare itself HIPAA compliant: there is no official HIPAA certification issued by the US government, so “HIPAA certified” on a sales page means nothing without a signed BAA and the controls behind it. A data breach could end the provider’s business and bring an expensive lawsuit and millions of dollars in fines.

From a cloud service provider’s perspective, HIPAA compliance comes at a high cost. It’s expensive to implement and maintain: a legal team to review the BAA, policies that ensure all employees handle PHI according to HIPAA, and the technology and infrastructure needed to back those policies up.

If a data breach happens, the cloud service must undergo an extensive and expensive investigation to clear itself of liability, even if the fault was on the client’s side. For a full picture of how to avoid being penalized for a breach, check out this full guide.


Here are a few examples of the seriousness of HIPAA:

  • Memorial Healthcare System (MHS) – MHS from Florida recently paid a $5.5 million HIPAA settlement. The breach dates back to 2012, when MHS employees inappropriately accessed sensitive patient information – Original article.
  • Concentra Health Services in Springfield, Missouri paid more than $1.7 million in fines over a stolen laptop that had access to sensitive PHI – Original article.
  • Arkansas’ QCA Health Plan, Inc. paid $250,000 for the same reason, a stolen laptop that exposed the sensitive information of 148 patients – Original article.

Best HIPAA Compliant Cloud Storage


Sync.com


Sync uses a “zero-knowledge” design that protects your privacy by encrypting and decrypting your data client-side. The keys that encrypt your files are never in Sync’s hands, only yours, and even your account password is unknown to them. The flip side of that design is that the provider also cannot recover your files if you lose your password. HIPAA compliance is available to business users, and you sign the BAA before you start storing PHI with them.
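The client-side encryption described above, and the “encrypted at rest” requirement from the provider responsibilities section, can be sketched in code. The following Go program is an added example written for this article; it is not Sync’s software and does not describe Sync’s actual protocol. It assumes a common zero-knowledge design in which the passphrase is stretched with PBKDF2-HMAC-SHA256 into two keys, an encryption key that never leaves the client and a separate authentication key that the client presents to the server, and in which each file is sealed with AES-256-GCM before upload. The sample patient record, passphrase, iteration count and all function names are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	saltLen = 16
	kdfIter = 100_000 // constructed value for the example; real services use more
)

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256, written out because the Go
// standard library shipped no PBKDF2 before 1.24. It is the only hand-rolled primitive.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, keyLen)
	for block := uint32(1); len(out) < keyLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)             // U_1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T = U_1 xor U_2 xor ... xor U_iter
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_i = PRF(P, U_{i-1})
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// deriveKeys stretches the passphrase into two 32-byte keys: encKey never leaves the
// client; authKey is what the client presents at login, so the server can authenticate
// the user without ever seeing the passphrase or the encryption key (assumed design).
func deriveKeys(passphrase string, salt []byte) (encKey, authKey []byte) {
	km := pbkdf2SHA256([]byte(passphrase), salt, kdfIter, 64)
	return km[:32], km[32:]
}

// Blob is everything the server ever receives. Salt and nonce are public; no key is in it.
type Blob struct {
	Salt, Nonce, Ciphertext []byte // Ciphertext includes the 16-byte GCM authentication tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptClientSide seals plaintext with AES-256-GCM under a passphrase-derived key.
func encryptClientSide(passphrase string, plaintext []byte) (Blob, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return Blob{}, err
	}
	encKey, _ := deriveKeys(passphrase, salt)
	gcm, err := newGCM(encKey)
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh 96-bit nonce for every upload
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	return Blob{Salt: salt, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// decryptClientSide re-derives the key and opens the blob. A wrong passphrase and a
// modified ciphertext both fail the GCM tag check, so neither yields garbage plaintext.
func decryptClientSide(passphrase string, b Blob) ([]byte, error) {
	encKey, _ := deriveKeys(passphrase, b.Salt)
	gcm, err := newGCM(encKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, b.Nonce, b.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("wrong passphrase or tampered blob")
	}
	return pt, nil
}

func main() {
	record := []byte("constructed sample record: Jane Doe, DOB 1980-01-01, visit 2019-03-04")
	blob, err := encryptClientSide("correct horse battery staple", record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server stores %d ciphertext bytes and salt %x, no key\n", len(blob.Ciphertext), blob.Salt)
	if _, err := decryptClientSide("wrong passphrase", blob); err != nil {
		fmt.Println("wrong passphrase:", err)
	}
	pt, _ := decryptClientSide("correct horse battery staple", blob)
	fmt.Printf("client recovers: %s\n", pt)
}
```

Run it with `go run`. The simulated “server” only ever sees Salt, Nonce and Ciphertext, and holds neither key, which is what makes the provider unable to read the files it stores. Because GCM authenticates the ciphertext, a wrong passphrase or a single flipped byte produces an error instead of corrupted plaintext. The same property that keeps the provider out also means it cannot reset anything for you: lose the passphrase and the blob is unrecoverable.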

Read the Sync.com review here.


What do you think about my “Best HIPAA Compliant Cloud Storage” article? Share your opinion in the comment section down below!

6 thoughts on “Best HIPAA Compliant Cloud Storage”

  1. Cloud storage is so much bigger than I thought. I only just recently joined a cloud storage service but I’m looking to learn more about it for curiosities sake.

    This could be an interesting method of transferring patient information from specialist to specialist. But it could also be quite harmful if that info is lost, like in Arkansas.

    Is it quite common for medical institutes to use cloud storage for patient information? Or is this a relatively new practice?

    1. Dejan Miladinović Administrator

      Hello Isaya,

      Well, the whole HIPAA was introduced to protect client intel and information so that medical institutions wouldn’t be able to store the info just anywhere. I don’t believe larger hospitals use the cloud to save information; they have their own servers on their property. I do believe and know that smaller institutions such as private dentist offices, private surgery offices etc. use HIPAA compliant cloud storage. It’s useful and it’s safe.

      Dejan

  2. Hey Dejan,

    A very good article, full of information about cloud storage for the health industry.

    I am not from the health industry, but I am glad to have read this article as it provides me additional information about how patient data is being stored and saved securely with the help of HIPAA compliance.

    Thank you and I’ve learned something after reading this.

    1. Dejan Administrator

      Hello Maxx,

      I am glad you found the article useful. That is basically the reason why I wrote it: to help you guys understand more about cloud storage and how providers need to additionally protect clients’ sensitive information, all according to HIPAA compliance.

      Thanks for stopping by.

      Dejan

  3. What an awesome website!! I for one never understood how the “cloud” worked in protecting info. Your website allows us novice internet people to be assured we can check the legitimacy of cloud services that offer this. Thank you very much!!

    My new computer has a cloud saving option for pictures and files. I do wonder if they still take up space in my computer’s memory?

    1. Dejan Administrator

      Hello Bonnie,

      That really depends on the cloud service provider. Most cloud storage services still take up space on your computer, with some exceptions like pCloud. If you were to give me your cloud service provider I could tell you.

      Dejan
