hipaa cloud storage
Robert Godard
Listen to: "Top 4 Most Trusted, HIPAA-Compliant Cloud Storage Services [Updated for 2018]"

As far back as July 2014, per Forbes, 83 percent of healthcare organizations were already using cloud-based healthcare apps. IT executives further reported that 66.9 percent of the cloud services they used were SaaS-based.

Fast-forward to July 2016, and IT leaders are reporting that cloud-based software has become even more widespread with medical researchers relying on the cloud to manage massive chunks of data at more than 100 terabytes. CloudTech notes that the many and varied needs for cloud computing and cloud storage in the healthcare industry resulted in a $3.73 billion price tag in 2015. Experts project that, by 2020, the number will nearly triple at about $9.5 billion in cloud computing services.

What Makes Cloud Computing So Appealing to Healthcare Industry Professionals?

Right out of the gate, healthcare professionals and IT executives will happily exalt cloud computing for its scalability, cost-efficiency, and flexibility. Following are a few additional reasons that healthcare leaders are relying on the cloud at an ever-accelerating rate:

  • Regular Updates
  • The Exchange of Electronic Data Between Physicians and Healthcare Systems
  • Initial Lower Cost
  • Less Need to Worry About Disaster Recovery
  • Files Take Up Less Physical Space

With cloud hosting and cloud storage, updates are done centrally and distributed to users from the test site easily. As doctors, medical centers, and healthcare systems across the U.S. continue to go online, sharing electronic medical records containing confidential patient data, per the HIPAA Privacy Rule, via the cloud makes the process simpler. While healthcare organizations spend a smaller fee at the beginning, they will continue to pay a regular monthly fee. However, it is unnecessary to upgrade hardware related to storage when using cloud storage, so the costs may balance out. Physical security and damage become far less worrisome for IT professionals when everything is stored in the cloud. Medical practices and hospitals tend to feature billowing file rooms with barely enough space to do a proper search for a file. Assistants do acrobats and contortions to fit into the tiny space to retrieve a tightly-packed file. With cloud storage, physicians and their team can create more space by putting old files into the cloud and packing up the physical files.

HIPAA-Compliance for Cloud Storage Is Essential

Even if doctors, medical researchers, and all others in the healthcare field only think about entering, transmitting, and retrieving data, IT professionals need to always think several steps ahead of cyber-criminals lurking in the virtual shadows, especially when it comes to HIPAA-compliance.

In 1996, “the U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act (HIPAA) of 1996.” The Privacy Rule addresses patients’ “protected health information” and how organizations, or “covered entities” subject to the Privacy Rules must comply.

Within the HHS, the Office of Civil Rights (OCR) holds the responsibility of implementing, monitoring, and enforcing the Privacy Rule. The Privacy Rule serves to provide a balance that allows for certain uses of information while ensuring the privacy of people who seek care and healing. Additionally, since patient information includes things like name, address, telephone number, and social security number, there is a real risk for misuse if their information falls into the wrong hands due to any type of non-compliance by covered entities.

What Entities Are Covered Under the HIPAA Privacy Rule?

There are many covered entities that are subject to the HIPAA Privacy Rule to avoid any breaks in the chain of protection.

  • Health Plans
  • Healthcare Providers
  • Healthcare Clearinghouses


The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted in 2009, strengthens the privacy and security protections for health information established under HIPAA. This Act also extends HIPAA’’s requirements to include business associates as a covered entity. Business associates include any third-party entity that has access to protected health information (PHI).

Explore this Year’s 4 Most Trusted Cloud Storage Services with a Focus on HIPAA-Compliance

If your healthcare, or healthcare-related, organization is ready to adopt cloud storage, you may need some ideas on where to start. At I.S. Partners, LLC., our team has found what industry leaders consider the 5 most trusted cloud storage services with a focus on HIPAA-compliance, with a focus on those who sign Business Associate Agreement (BAA), offer the most space for your fees, and who provide the best encryption:

Google Cloud Drive

Starting in 2013, Google began signing a BAA covering Gmail, Google Drive, Google Calendar, and Google Vault, or “the G Suite.” With this savvy move, Google Cloud Drive is now HIPAA-compliant and receiving rave reviews from industry pros like PC Magazine. Start your service with a free trial before choosing between a $5 per month plan for 30 gigabytes of storage or $10 per month for unlimited storage, divided on a 1-terabyte-each basis between different users.

Microsoft One Drive

Microsoft is at the forefront when it comes to supporting HIPAA-HITECH, offering BAAs for enterprise cloud services, signing agreements for mail, file storage, and calendars. Microsoft is renowned for offering some of the most effective security tools in the industry.


Amazon is everywhere these days, and coming in as a cloud storage provider is no exception. Amazon S3 gives you a quick guide on how to configure HIPAA-compliant cloud storage for Amazon Web Services (AWS) and offers to sign a BAA. You can also enjoy knowing that the security is top-notch.


Box offers stellar encryption and security, is happy to sign a BAA, and actively markets to healthcare customers. Per Skyhigh Networks, “Box features include access monitoring, reporting and audit trail for users and content, and granular file authorizations.”

Learn more. Webinar: “Cloud Security Basics”

Learn More About Staying HIPAA-HITECH Compliant with Cloud Storage

If you still have questions about the best cloud storage service providers, or simply how you can maintain solid HIPAA-compliance, I.S. Partners, LLC. can help. Our HIPAA-HITECH team is here with plenty of information to help you tend to confidential information without worry. Send us a message or call us at 215-675-1400 to discuss the best ways to keep your healthcare organization in compliance and PHI data secure.

About The Author

Get Hassle-free Pricing in 3 Easy Steps

Request a quote using the form below
Allow us to create a customized plan
We'll get you an accurate, no-obligation quote
Untitled-1 Asset 1 Request a Quote Background

Request a Quote

Please fill out the fields below and one of our compliance specialists will contact you shortly. Want to speak to us now? Call us at (866) 335-6235

Request a Quote (Keep)

I.S. Partners is serious about privacy. We will never share your information with third parties. Please read our Privacy Policy for more information.


Great companies think alike!

Join hundreds of other companies that trust I.S Partners for their compliance, attestation and security needs.

Teladoc VeriClaim DentaQuest VisioNet Verifacts Sterling AV Med DOE Legal