Top tips on secure file sharing and staying HIPAA compliant


Posted On June 17, 2020


For all HIPAA-compliant businesses, secure file sharing is not an if, but, or a maybe – it is an absolute must. Maintaining HIPAA compliance at all times is absolutely essential for avoiding fines, protecting your business and securing the PHI of your customers and patients.

PHI, or Protected Health Information, consists of all the data you have that relates to your patients’ past, present or future health condition.

It includes data pertaining to any medical services they have received or may receive, as well as their healthcare payments and health insurance information.

In today’s world, most, if not all, of this information will likely be stored in digital format. For this, the term that’s used is “electronic protected health information” or ePHI – and it falls under HIPAA regulations, too.

There is a component of HIPAA called the Security Rule, which requires all HIPAA-compliant businesses to protect ePHI via appropriate administrative safeguards, physical safeguards and technical safeguards to preserve its confidentiality, integrity and availability.

In addition, the HIPAA Privacy Rule regulates who has access to all forms of PHI – including ePHI.

The Privacy Rule requires organizations to implement policies and procedures that limit the use and disclosure of PHI to the minimum number of people necessary and restrict access to employees with specific authorization.

Encrypted Sharing - 14 Days No Obligation Free Trial


HIPAA-Compliant Secure File Sharing

What do these Rules mean when it comes to secure file sharing?

Well, with regards to the Security Rule, administrative safeguards concern the policies and procedures – including staff training programs – you have in place to ensure the adequate management and maintenance of ePHI protection.

Physical safeguards are those that restrict access to your physical premises (security systems, etc.) and any servers, computer equipment or mobile devices where ePHI is stored.

Technical safeguards, meanwhile, protect ePHI via digital means, such as access controls, user authentication and data encryption.

What does this all look like in practice? Here’s what you need to do to ensure HIPAA-compliant secure file sharing.


Encrypt Your Files

When it comes to secure file sharing, encryption is critical. Put simply, encrypting your files renders them unreadable and therefore unusable to unauthorized individuals.

Guidance from the Department of Health & Human Services (HHS) states that ePHI data must be encrypted both at rest and in transit.

File encryption requires user authentication in order to view, download, edit or delete information contained within the files.

Encrypted file sharing means that your information is protected from the moment it is sent, until the moment it is received and stored.


Access Controls and User Authentication

Beyond encryption, it’s important you have adequate safeguards in place to manage access to ePHI.

As well as physical safeguards, you must ensure that every member of staff on your network is granted a unique user ID so you can be certain only authorized parties have access to your protected files.

In addition, you should enable multi-factor authentication to confirm the identity of every user who tries to log into your system.

In this way, even if a member of staff’s login credentials are compromised, the multi-factor authentication safeguard provides an additional layer of security to protect your data against remote attacks.


Staff Training

HIPAA is extremely complex and best practices for compliance change regularly.

As such, no employee who deals with ePHI should begin work without undergoing training that teaches them how to handle protected files – and that training should be ongoing, as a single training course is unlikely to cover all requirements.

HIPAA training should cover everything from password policies to HIPAA Rules to phishing scam awareness.

The more informed your employees are, the better your business and your ePHI will be protected.


Use a HIPAA-Compliant File Sharing Service

The very best way to ensure your files are always safe and protected is to use a HIPAA-compliant secure file sharing solution.

Not all solutions are HIPAA-compliant, however, so caution must be exercised when selecting a provider.

HIPAA applies not only to HIPAA-compliant businesses themselves, but their business associates (BAs) as well.

This means that any file sharing solution provider you work with is considered a business associate and is therefore equally obligated to comply with HIPAA Rules.

The HHS stipulates that you must enter into a business associate agreement (BAA) with any BA that will be creating, receiving, maintaining, or transmitting ePHI on your behalf, and that the BA must otherwise comply with HIPAA Rules.

Specifically, the BAA “contractually requires the business associate to appropriately safeguard the ePHI, including implementing the requirements of the Security Rule.” In other words, any secure file sharing service provider that is not prepared to sign a BAA is out of bounds for HIPAA-compliant businesses.

Some popular file sharing services, such as Apple’s iCloud, will not sign BAAs with HIPAA covered entities and so should not be used.

Others, like Amazon Web Services and Google Drive, are not HIPAA-compliant by default, so you must employ best practices at every level to ensure you do not violate HIPAA Rules should you use these services.

Other popular sharing services, such as WeTransfer, though secure, are not HIPAA-compliant at all and so must be avoided.

Instead, a purpose-built HIPAA-compliant file sharing solution such as Encrypted Sharing from Central Data Storage should be used.



HIPAA-Compliant Secure File Sharing from Central Data Storage

Businesses in specialist industries require specialist solutions.

Central Data Storage’s Encrypted Sharing service provides top-level encrypted file sharing and secure messaging for your business, making communicating with your clients, teams and partners completely secure, easy and 100% compliant with HIPAA requirements.

Our solution has beyond military-grade security features, protecting you against data threats such as ransomware, cyberattacks and lost and stolen devices.

With end-to-end 448-bit encryption, secure private messaging, secure attachments and automatic chat and file expiration or archiving, Encrypted Sharing from Central Data Storage is the secure file sharing service you need to ensure HIPAA compliance and safeguard your business.


Want to learn more about the benefits of our fully supported Encrypted Sharing solution? Just call 1-888-907-1227 or email

