Due to the sensitive information handled by healthcare organizations, they have to abide by certain laws - one of which is the Health Insurance Portability and Accountability Act (HIPAA).
This law is applicable to various healthcare providers, as well as their associates - and cloud services are no exception.
If you want to store sensitive data in the cloud, the solution you choose must sign a Business Associates Agreement (BAA) - a document that stipulates its compliance with HIPAA regulations.
To help you choose the best service that follows all of these rules, I’ve looked into some of the most reputable providers and found 5 HIPAA compliant cloud storage solutions for you to choose from:
- Google Drive (Best for collaborations)
- Dropbox (Offers the most control over files and folders)
- OneDrive (Best solution for enterprises)
- Carbonite (Best for startups)
- Box (Best solution for full security reports)
1. Google Drive
Recommended for: Businesses who often edit and collaborate on files
That being said, G Suite (previously known as Google Apps) of which Google drive is a part, supports HIPAA.
But that’s not all, Google Drive has a mound of security features that will help you keep all your data safe. And not only this, the company promises that its data center network will provide 99.9% reliable access to data 24 hours a day, 7 days a week.
But, what I like most about Google Drive is that it’s easy to get started with. All you have to do is sign up for a Google account and choose from one of the two work plans. These both come with a 14-day free trial as well as access to Google Docs, Sheets, and Slides. Both are also privacy shield certified and offer 24/7 phone and email support.
The pricing for cloud storage solutions for businesses come as follows:
Google Drive operates via G Suite, giving you access to business email, online storage, video conferences and other tools needed for your business.
Additionally, all paid plans come with a centralized admin console so that you can keep track of all files, who uses them, and everything else in between. Basically, you’ve got full control of your company’s account. Plus, this is made increasingly easier thanks to the audit and reporting feature you’ll have access to.
- Choice of productivity and collaboration suites
- Privacy shield certified
- Data loss prevention for Drive and Gmail depending on the plan
- Two-factor authentication with all plans
- 1TB storage limit on Google Suite if you have less than 5 users
From $12.50 /user/month
Recommended for: Businesses wanting to keep full administrative control of their accounts
Dropbox offers two types of plans, but it’s the business plan you’ll want to to go for if you want to ensure you’re HIPAA secure.
Since 2015, Dropbox offers BAAs to all its business clients. That’s right - every single one - even if you go for the cheapest plan which starts at $12.50 a month per user. This plan also comes with the most advanced 256-bit encryption, as well as the option to enable two-factor authentication.
On the other hand, if you’re a larger organization looking to send all your data up to the cloud, you can go for the $20 per user per month plan. This comes with all the features of the standard business plan as well as an unlimited amount of storage space. This plan also gives you advanced admin controls so you can keep an eye on who accesses what and when, all from one place.
Other security features Dropbox offers to its advanced business users include domain verification, as well as device approvals. This means that if you’re not familiar with someone logging into your account, you can block them with just a few clicks.
Aside from all these awesome features, I love the fact that Dropbox comes with a 30-day free trial for you to test the waters. And if you need something even more robust, you can also give the company a call to find out more about their enterprise solution which is fully customizable to meet your needs.
- Advanced 256-bit encryption
- Unlimited storage space on the advanced plan
- 30-day free trial is offered
- The standard plan only comes with 3TB of storage and no two-factor authentication
From $35.00 /user/month
Recommended for: Enterprises wanting to collaborate on files securely
The company’s Office 365 Enterprise E5 solution allows you to do everything from hosting conferences to video chatting and sharing documents in the safest way possible. Better yet, the platform comes with advanced information protection through data loss prevention and encryption across various applications, including Skype for Business, SharePoint Online, and Exchange Online.
What I like most about OneDrive’s Enterprise E5 solution is that it comes with threat intelligence and advanced security. With it, you’ll get actionable insights to prevent threats and full protection against malware hidden in attachments, links, and emails.
Additionally, the service comes with two-factor authentication administrator approval giving you full control over your organization’s cloud storage.
So, what makes OneDrive stand out?
What makes OneDrive truly unique is that this robust plan comes with unlimited storage that you can access from anywhere on any device and this comes with HIPAA compliant file sharing.
There is one factor that could hold you back from using OneDrive for your organization, though - its price tag. The solution costs $35 per user per month, an expensive price to pay if you have a large team.
- Live data monitoring
- Full access to the Office suite
- Advanced email for compliance needs
- Must make contact with the Microsoft team to get started
From $24.00/month (for up to 25 users)
Recommended for: Users who want to get started quickly
One of the options is “I need to comply with regulations”, which is a true giveaway that Carbonite keeps compliance in mind.
By clicking this option, the company will suggest that you go for the $24 a month plan which automatically gives you HIPAA support.
But the plan offers so much more than just HIPAA compliance. Aside from automatic cloud backup, your data will also be saved to an external hard drive for good measure. Plus, the service offers 128-bit encryption, and if you go for the $50 a month plan, you’ll be able to backup all your databases and applications as well.
What I like most about Carbonite is that you’re not just storing your data away never to be seen again. No, the solution gives you full remote access so that you can still view, edit, download, and share computer files as safely as possible.
And if that’s not enough, it also comes with centralized management and admin console, giving you full control over who accesses your files. Whatsmore, if you’re not sure which solution to go for, you can try Carbonite for free for 30 days.
- The website is simple and intuitive
- Full remote access to all files
- 30-day free trial
- For smaller operations, it's a more expensive option
From $45.00/month (up to 3 users)
Recommended for: Businesses wanting full reports on users and content
Since 2013, Box has been actively marketing to healthcare organizations, adding a completely separate and unique healthcare page to its website whereby it clearly states its goal to help clients maintain their HIPAA compliance.
Better yet, it enables doctors and other healthcare professionals to access important patient documents in a secure way, even when on the go.
What I like most about Box is that it has the end user in mind - the patient. Instead of only highlighting the things that give professionals peace of mind, Box aims to help medical experts improve care coordination and allows them to better educate their patients by giving them the chance to store educational content in their cloud account.
Box only offers one business plan which costs $45 a month and allows you to create an account for 3 users. This includes unlimited storage as well as advanced user and security reporting. While the mid-range price doesn’t put me off, there is little detail when it comes to the solution’s security features.
- Active focus on healthcare professionals and HIPAA compliance
- Patient-focused solution
- 14-day free trial
- Very little information about the individual security features the business plan comes with
- The higher end of the price range
Choosing the Best HIPAA Compliant Cloud Storage
Today, more and more cloud solutions are becoming HIPAA compliant. However, it’s still important to check so that you meet industry standards.
Here’s my verdict for choosing the best HIPAA compliant cloud storage solutions:
- Google Drive gives you the most control over your files and who uses them
- Dropbox offers the most competitive price plans and is a worldwide favorite
- OneDrive is best for integrating with other solutions, especially Microsoft ones
- Carbonite is the most intuitive solution if it’s your first time buying cloud storage
- Box has the biggest focus on healthcare professionals and their work
While these are all great solutions, you should make your final decision based on the amount of storage you need and the number of users you’d like to grant access to.
Do you know a HIPAA compliant cloud storage solution that I haven’t mentioned in this list? If so, you can let me know in the comment box below. I’d love to hear your opinion!