Not all cloud file services are HIPAA-compliant, and those that are not cannot be used to store, share or transfer electronic protected health information (ePHI). We have compiled this list to help enterprise and professional users try and choose the HIPAA-compliant cloud file storage and file transfer service that fits their work requirements.

Why use cloud file storage and cloud file transfer?

  • Seamless collaboration between work colleagues
  • Automated File Sync and backup
  • Large file support
  • Security
  • Cloud backup for important data

1- Dropbox

Dropbox is the most popular cloud file-sharing and storage service among personal users and companies. It offers cloud storage with a simple, easy-to-use interface and provides desktop clients for Windows, Mac OSX, and Linux that support desktop synchronization.

Dropbox announced support for HIPAA and HITECH Act compliance in November 2015. It now provides BAAs (business associate agreements) for Dropbox Business customers.

Administrative controls include review and removal of linked devices, user access, user activity reports, and enabling two-step authentication.

Features

  • Large files support
  • Team management
  • Multiple-user sharing
  • Public links
  • Apps/ services integration
  • Folders/ Files security
  • Desktop Integration
  • Desktop clients with sync support
  • Mobile clients (iOS/ Android)
  • Notes (Paper app)
  • Developer-friendly API
  • Seamless integration with other services
  • Office 365 integration (Enterprise/ HIPAA)
  • Advanced collaboration tools (Enterprise/ HIPAA)
  • System alerts and granular permissions. (Enterprise/ HIPAA)

Pricing

Dropbox offers a free plan for personal users alongside many other plans for regular users and enterprises. You may register for free and try it out. The business version costs $12.50 per month per user, starting with five users. It includes unlimited storage and file recovery.


2- OneDrive



OneDrive is a file hosting and synchronization service operated by Microsoft as part of its suite of Office Online services. It integrates well with other Microsoft Live products, including the Live cloud office apps (Word, PowerPoint, Excel, OneNote Notebook). Though it does not integrate with other cloud apps the way Google Drive does, it is still solid and smooth for working with MS Office documents in the cloud.

OneDrive for Business is HIPAA Compliant and adheres to regulatory compliance for healthcare providers and healthcare organizations.

OneDrive provides 5 GB for free for personal users, while the premium edition offers 1 TB (1,000 GB) with support for Office 2016. The paid plans come in family and personal editions, which also include desktop clients for Windows and Mac OSX.

Unlike Google Drive, OneDrive does not have a dedicated plan for healthcare or enterprise; however, it is GDPR and HIPAA compliant.

Features

  • 5GB free space
  • MS Office compatible
  • File viewer for Images, office documents
  • Collaborative file sharing
  • Large files support
  • Embedded documents
  • Desktop office integration support
  • Sharing Link expiration (premium)
  • Sharing Document password (premium)

Pricing

The free plan offers 5 GB; 50 GB costs $1.99/month, billed annually. Office 365 Personal comes with 1000 GB of storage and costs $5.83/month, billed annually.


3- Google Drive G Suite

G-Suite is a set of Google cloud services aimed at productivity and collaboration. It includes mail, drive, docs, calendar, chat, and messaging tools such as Hangouts Chat and Hangouts Meet. It provides seamless desktop and mobile integration and file synchronization.

G-Suite has a rich HIPAA implementation guide to help enterprises stay compliant with HIPAA. Though G Suite is not HIPAA-compliant by default, it is easy to comply: obtain a BAA (business associate agreement) from Google as a start, configure access controls, and check and configure device controls.

Features

  • Desktop and Mobile clients
  • Google office/ documents compatibility
  • Office document viewer, including Google Documents and MS Office
  • Powerful communication tools
  • Add-ons support with access to a huge list of extensions
  • Web admin to manage apps, users
  • Whiteboard app
  • App maker support
  • Zip and Download
  • Desktop & Mobile Synchronization
  • Google Vault support

Pricing

G-Suite, a.k.a. "Google Suite", started off as a free service; however, it now costs $6/month per user for the basic plan, which provides 30 GB of space. G-Suite also offers a business plan and an enterprise plan with extended functionality and options for companies planning to make the most of G-Suite, including low-code app development and integration with other services.


4- Box HIPAA-compliant cloud file storage with DICOM viewer


Box is a cloud file storage service, very similar to Dropbox, but it provides several more options, especially for doctors who need to share, store, and view DICOM images. It has several features that ease managing and sharing digital documents. Box has desktop clients for Windows and Mac OSX, plus iOS and Android clients that work smoothly even with older versions of both. The main downside of Box is that there is no Linux client or support.

Box has a dedicated guide targeting the healthcare industry, and it provides a complete guide for HIPAA compliance as well.

BoxDICOM is a paid service and development library that provides a full-featured DICOM viewer that integrates smoothly with Box. BoxDICOM uses Box to store DICOM files and view them with an advanced web-based DICOM viewer. It also provides a proxy solution that eliminates the need for an expensive enterprise VPN for hospitals.

Features

  • Desktop clients
  • Desktop integration
  • Simple yet powerful web client
  • Large file support (2 GB file size)
  • File Sync support
  • Offline files support
  • File Viewer
  • Online Office Third-party integration (Google Drive)
  • Spreadsheets file viewer/ editor
  • Docs file viewer/ editor
  • DICOM image viewer
  • Trash file support
  • Notes
  • Automated Actions
  • Desktop Notification
  • Email Notification

Pricing

Box targets personal users with a free personal plan (starting from 5 GB) and a Personal Pro plan at $5/month for 100 GB of space. Box has individual plans, Business plans, and Platform Plus plans for the enterprise. However, HIPAA/HITECH eligibility and FedRAMP are available only on the Enterprise plan.


5- Sync: HIPAA & GDPR-compliant cloud storage



Sync is a cloud file storage service aimed at personal users and the enterprise, and it is HIPAA- and GDPR-compliant. Unlike other services, HIPAA/GDPR compliance is available even on the free personal plan. It also provides affordable plans for small clinics and healthcare businesses.

Features

  • Powerful simple UI that works for everyone
  • Transfer account ownership
  • Version history, restore & rewind
  • Multiple user support
  • Folder manager
  • Password protected sharing
  • Remote device lockout
  • Expiry dates
  • Permission Manager
  • Offline-file support
  • Mobile/ Tablet clients for Android & iOS (iPhone/ iPad)
  • Automatic backup
  • Automatic Sync
  • End-to-end encryption
  • Secure link generation for file sharing
  • Activity logs
  • Support (Mail support)
  • 2048-bit RSA, SSL/TLS encryption
  • Two-factor authentication

Sync Pro Features (Paid)

  • Sharing link upgrades
  • Documents viewer and media player
  • Expiry dates
  • File requests with upload enabled links
  • Set download limits (self-destruct)
  • Preview-only mode for documents and images (no download)
  • Email notifications on link activity
  • Download count stats
  • Multi-user admin console
  • Transfer in existing Sync accounts
  • Support (Live chat escalation)
  • File requests
  • Notifications
  • Multiple-user management and centralized billing

Data protection and privacy features (For all plans)

  • Enables HIPAA compliance
  • Enables GDPR compliance
  • Enables global compliance

Pricing

Sync provides plans for individuals, families, and businesses. Its free plan provides 5 GB with all the options needed to use the Sync vault, but with limited extras that can be unlocked at any time by upgrading. Storage is also upgradable to 2, 5, or 10 TB. You may consider registering for free and trying it out before upgrading.


6- OneHub HIPAA/ GDPR-Compliant Cloud storage


OneHub is a HIPAA- and GDPR-compliant cloud storage service for the enterprise. It has a simple, easy-to-use web client accompanied by mobile versions for Android and iOS, with a custom iPad edition. OneHub's features center on security and file sharing, including virtual data rooms, full-text search, and document viewers. It provides a rich API that makes it ready to integrate with other services and solutions such as an HIS (Hospital Information System) or EHR (Electronic Health Records).

Features

  • HIPAA  & GDPR
  • TEAM/ Business/ Enterprise
  • Cloud storage for teams and business
  • Data Rooms
  • Web client and Mobile Client
  • Collaboration
  • User-Management
  • Watermark
  • Workspace agreement
  • Sign forms
  • Full-text Search
  • Developer friendly with fully-documented API
  • Version control
  • FTP support
  • Secure links
  • Object-level Security
  • Logging auditing
  • Two-factor authentication
  • Online-viewer
  • Multiple file type support
  • Messages
  • Activity
  • Notification
  • Customization
  • Hibernation mode
  • Large file size
  • Workspace supported

Pricing

OneHub does not target personal or individual users; it focuses on enterprises and teams. It offers Team ($29.95 for 3 users/month), Business ($99.95 for 5 users/month), and Enterprise plans.


7- SmartFile: Secure File sharing and transfer for the enterprise

SmartFile is a file sharing and transfer platform designed for the enterprise, especially enterprises that require HIPAA-compliant features, such as hospitals and medical facilities. SmartFile does not have a personal plan for regular users; it has only business and enterprise plans.

The company has created a HIPAA-compliance guide for making SmartFile HIPAA-compliant. It requires adding more features, but through an easy process.

User Features

  • Easy to Upload and Share
  • Web Browser and FTP Access
  • Full-text search
  • FTP/ SFTP/ FTPS
  • Branded Client Portal
  • File Previews and Versioning
  • Email Notifications
  • Self-Management (without IT)
  • Outlook Integration (Outlook plugin)
  • HTML Embed Options
  • Mapped Drive Access
  • Password protected shares
  • Dropbox integration
  • Unlimited Storage & File Size
  • Unlimited Users
  • HIPAA Compliant Activity Logs
  • Automation Workflows
  • File Versioning and Locking
  • Granular Permissions
  • Storage & Transfer Encryption
  • Forced HTTPS, SFTP, and FTPS
  • API & SDKs

Enterprise Features

  • Multi-Site Options
  • Self-hosted file management
  • Granular User Roles and Permissions
  • Password Management Tools
  • Unlimited File Sizes
  • Network Storage Connectors
  • Single Sign-On (SSO)

Pricing

SmartFile offers cloud plans starting from $6 per user/month for Business and $10 per user/month for Business Plus; the Business Unlimited plan requires calling to set a price. SmartFile also offers an on-premises version for the enterprise, but there is no fixed price for that.


8- BrickFTP: Secure File sharing

BrickFTP is a secure file sharing platform built to provide an easily configurable sharing environment for businesses and business-oriented users. It is built to be easy to use and supports multiple FTP and file sharing/storage protocols. It also offers integration with many cloud services and social media platforms such as Dropbox, Twitter, and Slack. BrickFTP provides a HIPAA-compliance guide that includes detailed information about extended features and security measures.

BrickFTP is a popular platform in business environments in the US and in the EU; it is used by 100,000+ with 1700+ companies around the world. It offers a developer-friendly REST API, a webhook API, Zapier integration, and single sign-on via LDAP. It supports file sync for Windows and Mac OSX.

Features

  • Powerful web client
  • Multiple protocol support: SFTP, FTPS, FTPES, WebDAV
  • LDAP sign-in support
  • Desktop Sync
  • Developer-friendly API and Webhook
  • Zapier integration with Dropbox, Twitter, & Slack
  • Customizable: branding, logo, colors
  • Custom domain support
  • Users & Group management
  • Permission management
  • At-rest encryption
  • Dedicated IP & custom SSL
  • Logging support
  • Video & Audio preview
  • Public & Anonymous upload support
  • Notification

Pricing

  • Starting from $249/mo for small business.

BrickFTP does not offer a free plan or a personal plan for individuals, as it puts its primary focus on business users and companies. It offers pricing plans for small and intermediate companies and for huge enterprise setups as well. It may look expensive, but it is cost-effective for companies that require massive data transfer daily.

9- OpenDrive

OpenDrive is a cloud file storage service that provides desktop clients for Linux, Windows, and Mac OSX with sync support.

Features

  • 2048 bit encrypted Secure Socket Layer (SSL) connection
  • Secure Files vault with AES-256 encryption on-the-fly.
  • Upload, Edit, Replace or Preview Files
  • Automated Backup
  • Sync and Backup Scheduling
  • Sync Files/Folders Across Computers
  • Embedding of Photo, Video and Audio Files
  • Send Files and Folders by Email
  • Audio Player and Video Player
  • File Versioning
  • File Encryption and De-duplication
  • Redundant Back-Up
  • File and Folder Sharing and Hotlinking
  • User Management
  • Activity reporting
  • Logging
  • Network monitoring
  • Firewall protection
  • Clients for Mac OS X, Linux, Windows, iOS (iPhone/ iPad), & Android

HIPAA & PCI Features

  • SAS 70 Type II certified
  • SOC 2 audited
  • Ability to perform complete audits
  • File encryption during transmission and storage*
  • Ability to restrict access to your data and information
  • Micro-Segmentation of communications

* File encryption is done through our desktop apps only and is not possible through our website or mobile apps. Our desktop apps use AES encryption through the OpenSSL protocol.

10 - FTP Today



FTP Today is a HIPAA-compliant, cloud-based sFTP client for file transfer and sharing. FTP Today provides platform compliance for a wide range of regulations around the world, including GDPR, ISO 27001, PCI-DSS, HITECH, ITAR/ EAR, CJIS, and more.

Features

  • FTP Web client
  • File Sharing plus SFTP
  • Supports multiple protocols: sFTP, FTP, FTPS, FTPeS, HTTPS
  • Country & User-IP Restrictions
  • Automated Hacker Protection
  • Dedicated IP / Custom SSL
  • Custom Branding
  • Flexible Directory Structure
  • File Purge Controls
  • Email Notifications
  • Firewall support
  • Automated and Scheduled Backup
  • Antivirus and Malware protection
  • File sharing support with an expired link and secure login
  • In-transit Encryption
  • Geo-IP access restriction
  • Dedicated IP & Custom SSL Cert
  • Unlimited Bandwidth
  • Large file support
  • File Retention Controls
  • Reporting
  • Logging

Pricing

  • Starts from $50/month for a small office.