Privacy and security are top concerns at ElephantDrive and we have shaped our solution according to well-established best practices. For an overview of the principles and practices applied, please visit our FAQ on security and compliance: https://support.elephantdrive.com/hc/en-us/sections/200928788-Security-Privacy-Compliance.
HIPAA and HITECH have put in place specific regulations regarding how Protected Health Information (“PHI”) is to be handled by professionals. In addition to medical professionals, these regulations apply to their partners and subcontractors, requiring them to enter into a Business Associate Agreement (“BAA”).
Our internal reviews meet the compliance standards outlined in HIPAA and 3rd party certification of these hurdles is forthcoming. We have used the publicly available documentation and the work done by our storage partners at Amazon Web Services (AWS) as key guidelines for evaluation. For a review of the recommended techniques for deploying HIPAA compliant applications, please view the AWS whitepaper on HIPAA: https://d1.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf.
We have drafted a BAA, specifically tailored both to the unique requirements of HIPAA and HITECH regulations and to the specifications of ElephantDrive’s cloud services.
Our BAA is available upon request by our users on a Business or Enterprise subscription (https://www.elephantdrive.com/home/pricing-and-plans/).
We hope this information will help you make an informed decision and we hope to have the opportunity to provide you with compliant cloud storage services.
Keep in mind, however, that no system, by itself, can ensure HIPAA compliance. All organizations must adhere to and enforce daily the standards and regulations detailed in HIPAA in order to maintain compliance.