What Is HIPAA Compliant Online Cloud Storage – Which Is The Best?

Best HIPAA Compliant Online Cloud Storage

What Is HIPAA Compliance?

Before we start figuring out which is the best HIPAA compliant online cloud storage, let us learn a thing or two about it.

HIPAA or the Health Insurance Portability and Accountability Act sets a standard that cloud services and businesses need to follow in case they hold sensitive patient information. Covered entities who treat patients and business associates that have access to patient information must all work in an HIPAA compliant environment.


What Are The Responsibilities Of A Cloud Service Provider?

Best HIPAA Compliant Online Cloud Storage

A cloud service provider must make sure to follow the guidelines of the HIPAA compliance. Here's what they consist of:

  • All data must be encrypted while in transit or at rest on the servers.
  • Cloud service provider must implement security and privacy policies that ensure that all PHI (protected health information) is being treated accordingly to HIPAA compliance.
  • Physical access to the data centre must be restricted.
  • Disaster Recovery: Cloud service provider must ensure that all the data is saved securely even in the case of a mechanical failure. That's achieved with redundancy and backup systems.
  • Supervision and appropriate training of personnel at data servers and employees in the company.

What Are The Responsibilities Of The Covered Entity?

Best HIPAA Compliant Online Cloud Storage

The cloud service provider isn't the only one that has to make sure all the PHI is saved securely. The business owner or the covered entity must also follow the guidelines:

  • The covered entity must sign a HIPAA BAA (Business Associate Agreement) before it uploads any PHI to the cloud.
  • It must also make sure that all of the devices that have access to the PHI are protected accordingly.
  • Protecting login information to the cloud service software.
  • Implementation and enforcement of various policies that describe how employees should handle the PHI.

What Is A HIPAA BAA?

Best HIPAA Compliant Online Cloud Storage

HIPAA BAA or HIPAA Associate Business agreement is a document that both parties sign before any cooperation begins.

This document puts legal liability on the cloud provider and also opens the cloud provider up to audits by the US federal government. The US federal government conducts regular HIPAA compliance audits across all covered entities, including cloud service providers.

The document describes various definitions, obligations of both parties,  permitted uses and disclosures, terms and other misc.


The Consequences Of A Data Breach

A cloud service provider can't simply declare themselves to be HIPAA compliant. A data breach could result in the shutdown of the cloud service provider, an expensive lawsuit and millions of dollars in fines.

From a cloud service provider perspective, HIPAA compliance comes at a high cost. It's expensive to implement and maintain. They need a legal team to review the BAA, various policies that ensure that all employees are handling the PHI accordingly to HIPAA. Implementation of the right technology and infrastructure is also needed to ensure all HIPAA guidelines are being followed.

If a data breach happens, the cloud service needs to undergo an extensive and expensive audit to clear them from liability, even if the fault was client-side. 


Here are a few examples of the seriousness of HIPAA:

  • Memorial Healthcare Systems (MHS) - HMS from Florida had to recently pay a $5.5 million HIPAA settlement. The data breach happened back in 2012 where HMS employees inappropriately accessed sensitive patient information - Original article.
  • Concentra Health Services in Springfield, Missouri had to pay more than $1.7 million in fines due to a stolen laptop that had access to sensitive PHI - Original article.
  • Arkansas' QCA Health Plan, Inc. had to pay $250.000 for the same reason which resulted in an exposure of sensitive information of 148 patients - Original article.

Best HIPAA Compliant Online Cloud Storage

Sync.com

Sync.com Logo3

Sync uses "Zero Knowledge" platform which guarantees your privacy by encrypting and decrypting your data client-side. Moreover, the encryption keys that are used to encrypt your files aren't in the hands of Sync, but only you. Even the password to your account is unknown to them. HIPAA compliance is available to business users. Before you start cooperating with them, you'll sign the BAA.


Are you searching for a personal cloud storage?

Check our top list by clicking on the button below.


Are you searching for a business cloud storage?

Check our top list by clicking on the button below.



What do you think about "HIPAA Compliant Online Cloud Storages"? Share your opinion in the comment section down below!

Dejan Miladinović

Hey there! I am the founder of cloudstorageinfo.org. My website is dedicated to people that are interested in cloud services and anything related to them. Hopefully, you found the post written above useful and intuitive. I would be happy to discuss it more in the comments section. If you have any questions ask them down below and I'll answer them shortly.

6 thoughts on “What Is HIPAA Compliant Online Cloud Storage – Which Is The Best?

  • December 3, 2017 at 03:33
    Permalink

    Cloud storage is so much bigger than I thought. I only just recently joined a cloud storage service but I’m looking to learn more about it for curiosities sake.

    This could be an interesting method of transferring patient information from specialist to specialist. But it could also be quite harmful if that info is lost, like in Arkansas.

    Is it quite common for medical institutes to use cloud storage for patient information? Or is this a relatively new practice?

    Reply
    • December 3, 2017 at 22:35
      Permalink

      Hello Isaya,

      Well, the whole HIPAA was introduced to protect client intel and information so that medical institutions wouldn’t be able to store the info just anywhere. I don’t believe larger hospital use the cloud to save information, they have their own servers on their property. I do believe and know that smaller institutions such as private dentist offices, private surgery offices etc. use HIPAA complaint cloud storages. It’s useful and it’s safe.

      Dejan

      Reply
  • May 9, 2017 at 17:18
    Permalink

    Hey Dejan,

    A very good article with full of information about the cloud storage for the health industry.

    I am not from health industry BUT I am glad to have read this article as It provides me additional information about how patients data is being stored and saved securely with the help of HIPAA compliances.

    Thank you and I’ve learned something after reading this.

    Reply
    • May 9, 2017 at 18:31
      Permalink

      Hello Maxx,

      I am glad you found the article useful. That is basically the reason why I wrote it. To help you guys understand more about cloud storages and how they need to additionally protect client sensitive information – All according to HIPAA compliance.

      Thanks for stopping by.

      Dejan

      Reply
  • May 9, 2017 at 15:53
    Permalink

    What an awesome website!! I for one never understood how the “cloud” worked in protecting info. Your website allows us novice internet people to be assured we can check the legitimacy of cloud services that offer this. Thank you very much!!

    My new computer has a cloud saving option for pictures and files. I do wonder if they still take up space on my computers memory?

    Reply
    • May 9, 2017 at 18:24
      Permalink

      Hello Bonnie,

      That really depends on the cloud service provider. Most cloud storages still take up space on your computer with some exceptions like pCloud. If you were to give me your cloud service provider I could tell you.

      Dejan

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *