HIPAA Compliant Cloud Storage

There are many cloud storage services that appeal to both personal and business users. However, some cloud services, those that focus on helping businesses in the medical space, have to meet a standard known as HIPAA.

This is a federal act that applies to the medical industry, and one that some cloud storage services comply with in order to provide a secure and efficient storage system for medical organizations and their clients. Here’s a look at what that means and some storage services that offer such support.

To start things off, we need to examine what HIPAA itself is. HIPAA is the federal Health Insurance Portability and Accountability Act, established in 1996. The idea is to make it easier for people to keep their health insurance and to protect their confidentiality. However, it is important to note that there is no certification of HIPAA compliance for these backup services or applications, so none of the services can 100% verify HIPAA compliance. They can only do their best to meet the standards outlined.

The HIPAA rule breaks down into three main areas: administrative, physical, and technical. These storage services have to adhere to all of them. Its main idea is to keep a healthcare organization's data in the cloud securely protected behind levels of encryption and protection. This makes it easy for organizations to store client data offsite and have access to it when needed.

Many medical organizations have begun adopting cloud storage to secure records, patient info, and a variety of other data. This is a failsafe in the event their hardware is damaged or stolen. Cloud storage allows for a safe offsite backup of all that important data. Since this info is very confidential and private, HIPAA compliance is what allows the right services to store this highly important information on their servers. 15% of US healthcare-based systems have begun to adopt online cloud storage, according to a study by the Wall Street Journal.

Backups can include anything from basic data to full-scale images and scans in hospitals, etc. This requires an amount of storage that scales with the data, and thus these services have begun to implement custom plans or unlimited storage for such clients.

HIPAA provides a set of standards that each cloud service must meet. Data uploaded to the storage servers must be encrypted to HIPAA-level standards. While stored on the server, the data must again be encrypted to HIPAA standards. How data is exported from the server must also meet HIPAA standards. All data downloaded or restored from the service must be encrypted to HIPAA standards.

Security is obviously a major concern when it comes to these files, so each service must pass these standards in order to hold such data. A series of factors come into play, from encryption levels and access/authorization practices to vulnerability testing and more, and from digital security down to the infrastructure of the servers and how the facilities are treated and cared for.

Here’s a list of some of the cloud services that claim to meet HIPAA compliance standards.

  • Amazon (w/AWS)
  • Backblaze
  • Box
  • Carbonite Pro Plan
  • CareCloud
  • CrashPlan
  • CloudDIP
  • Egnyte
  • Google Drive
  • Symform


In a nutshell, with the overall growth in technology and the healthcare industry, these advances require services to match. Many providers in the cloud space are now working to meet these requirements and adhere to these rules as best as possible. However, until a clear verification or certification process is available, we can’t say for sure which services best offer HIPAA compliance. There’s a big list to look at, and from there other factors surely come into play, from security to pricing. At the end of the day, however, this is a big industry and a big customer for such services, so we fully expect to see HIPAA compliance rates rise in the coming years.
