The Health Insurance Portability and Accountability Act (HIPAA) sets requirements for safeguarding protected health information (PHI), including when PHI is shared or transferred as files. Here we cover the top file sharing services that can be used in a HIPAA compliant manner.
Note: using a service that supports HIPAA compliant transmission of PHI does not by itself make the organization compliant. Signing a Business Associate Agreement (BAA) with the provider is necessary, but it remains the responsibility of the covered entity or business associate to configure the service correctly and to follow its own compliance program.
To lawfully handle PHI, organizations must follow HIPAA's requirements. HIPAA applies to covered entities, which include health plans, health care providers, and health care clearinghouses, and to their business associates. A business associate that stores or transfers PHI on a covered entity's behalf must comply with the act by protecting information about a patient's health care, billing, and anything else in the patient's medical record.
Dropbox is a popular file hosting service that lets users sync and store files in a central location and collaborate on projects with ease. Dropbox follows a freemium business model: the basic service is free, with more capacity and features available by subscription.
Dropbox will enter into the BAA that HIPAA requires of business associates before it can be used to store or transmit PHI. Signing the BAA does not make the customer's file sharing and file transfer compliant on its own; it is up to the customer to operate the account in accordance with HIPAA. Dropbox's HIPAA guide describes configuration steps the customer is expected to take, such as disabling permanent deletions and monitoring account access and activity, and should be consulted for details.
Microsoft OneDrive is a file sharing service for storing and retrieving files and personal data. Users can store up to 5 GB before a subscription is required. Data is stored in the cloud, and users choose who has access to it.
Microsoft will enter into a BAA with customers who wish to store or transmit PHI in OneDrive. As with any BAA, this permits the customer to handle PHI on the service but does not guarantee HIPAA compliance in itself; the organization must still operate an appropriate compliance program and follow HIPAA best practices.
Google Drive, owned by Google, lets users sync files to one centralized location and share them from there. The free plan includes 15 GB of storage. Privacy settings allow users to limit access to their data as needed.
Google, like the other providers, requires customers to enter into a BAA before PHI may be stored in Google Drive. As with any BAA, the agreement obliges the customer to follow the practices needed to protect PHI. One risk specific to file sharing is synchronization: every synced device holds its own copy of the PHI, so an unencrypted or poorly controlled device exposes the data even when the copy in the cloud is protected. The agreement requires the customer to ensure that its safeguards are in place whenever sensitive information is transmitted.
File sharing services exist to make transferring and sharing data reliable and pain-free. Not every file sharing service is suitable for PHI: the entity must have a BAA in place with the provider before using it to transmit PHI, so a service that will not sign one cannot be used for that purpose. Keep this in mind when selecting a file sharing service.