6 Best HIPAA-compliant Cloud Storage Providers
This article is part of a larger series on Unified Communications.
The best HIPAA (Health Insurance Portability and Accountability Act)-compliant cloud storage providers protect patients’ health information by implementing physical, technical, and administrative safeguards. These solutions include access controls, risk management, data encryption and classification, and security tools. We’ve identified the top HIPAA-compliant cloud storage options that strictly adhere to national standards.
The best HIPAA-compliant file storage providers and their best use cases are:
- Sync.com: Best for teams that need a tool to send large file sizes
- Microsoft OneDrive: Best for existing users of Microsoft Office apps
- Box: Best for enterprises that need unlimited storage capacity
- Google Drive: Best for small businesses on a tight budget
- Dropbox Business: Ideal for non-tech-savvy users who want an easy-to-use app
- Amazon AWS: Best for developers looking for the most reliable cloud storage platform
What is HIPAA-compliant cloud storage?
A VoIP or unified communication cloud storage provider that stores protected health information (PHI) is considered a business associate (BA). To ensure HIPAA compliance, BAs must sign a business associate agreement (BAA) with the healthcare organization. This agreement states the BA’s compliance with HIPAA requirements.
Top HIPAA-compliant Cloud Storage Solutions at a Glance
HIPAA-compliant Cloud Storage Providers
Starting Price for HIPAA-compliant Plans
Maximum Storage Capacity
$5 per user, per month, billed annually
$10 per user, per month, billed yearly
$47 per user, per month, with a minimum of 3 users
5 TB or more
$15 per user, per month
5TB or more
Pay-as-you-go, 2.3 cents per GB for the first 50TB per month
Many cloud storage service providers offer robust security features to protect their customers’ data. However, that doesn’t mean all of them are HIPAA-compliant. Below are six HIPAA-compliant cloud storage providers for covered entities and businesses to consider:
Sync.com: Best for Sharing Large Files Securely
What We Like
- Easy to set up
- Offline access available
- More affordable compared to expensive alternatives, such as Box
- Accessible across devices
- Many security features, like granular permissions and 2FA (two-factor authentication)
What’s Missing
- Lacks monthly billing option
- Slow file uploading and syncing
- User interface looks outdated
- Limited customer support; no 24/7 live chat option
Sync.com Pricing
- Free: 5GB of storage capacity and basic sharing features
- Solo Basic: $8 per month when billed yearly for 2TB of storage, 1 user, 180-day history
- Solo Professional: $20 per month when billed annually for 6TB of storage, 1 user, 365-day history, and HIPAA compliance
- Team Standard: $5 per user, per month when billed yearly for 1TB, 2 or more users, 180-day history, and HIPAA compliance
- Team Unlimited: $15 per user, monthly when billed annually for unlimited storage, 2 or more users, 365-day history, HIPAA compliance, and custom branding
Sync.com is a cloud storage service provider that allows users to collaborate and share large files online. Its HIPAA-compliant plans start at its “Solo Professional” tier. A wide range of security features is available to help protect sensitive information. These capabilities include granular permissions, file history and recovery, and two-factor authentication (2FA).
Sync.com doesn’t offer a monthly payment cycle, requiring users to subscribe yearly. If you are not ready for a long-term commitment, consider alternatives like Dropbox Business, which you can pay month-to-month. Moreover, Sync.com does not offer a 24/7 live chat support channel, and there are occasional slow file syncing issues.
Sync.com Features
- File sharing with enterprise-grade security: Share files without having to download any software. All users are protected with end-to-end encryption and many security tools and attestations, like 2FA and SOC 2 Type 1.
- Team collaboration: Create centralized team folders, manage granular permissions, and get real-time team oversight from anywhere.
- Client file portal: Set up a portal for your client—complete with your company’s branding. This professional dashboard makes it easy to share files in a secure manner.
Microsoft OneDrive: Best for Microsoft Apps Integration
What We Like
- Smooth integration with Microsoft 365
- Accessible across Windows, iOS, Android devices
- Many security tools, such as AES 256-bit at-rest and in-transit data encryption and 2FA
- Intuitive and sleek user interface
What’s Missing
- No monthly payment option
- Unlimited individual storage only available for qualified subscriptions with 5+ users
- Limited storage of 1TB per user is less than what its competitors offer
Microsoft OneDrive Pricing
- OneDrive for Business (Plan 1): $5 per user, per month when billed yearly for 1TB of file storage, productivity tools, data encryption, and 24/7 phone and online support
- OneDrive for Business (Plan 2): $10 per user, monthly when billed annually for 1TB to unlimited* file storage, compliance offerings, data retention, and sensitivity labels
- Microsoft 365 Business Basic: $3 per user, per month when billed yearly for 1TB of file storage, unlimited HD video conferencing for up to 250 attendees, and direct file sharing in Teams
- Microsoft 365 Business Standard: $10 per user, monthly when billed annually for 1TB of file storage, updated version of other Microsoft 365 apps, and task management in Microsoft Planner
*Unlimited file storage is available for subscriptions with five-plus users.
Microsoft OneDrive is a cloud storage service that enables teams to securely share files from anywhere. Its HIPAA-compliant plans have BAAs audited by accredited independent auditors, which led to Microsoft obtaining the ISO/IEC 27001 certification and the HITRUST CSF certification. Other features include data encryption and retention, sensitivity labels, and file auditing and reporting.
Microsoft OneDrive requires users to subscribe to annual contracts. Its unlimited storage capacity is only available in some plans that require customers to register at least five users. Alternatives with monthly and annual payment cycles, like Box, offer unlimited storage in all plans and only require a minimum of three users.
Microsoft OneDrive Features
- Document scanning: Scan and store documents, such as receipts, notes, and business cards, using your mobile device.
- Personal Vault: Add an extra layer of security to store your sensitive files through its Personal Vault feature.
- File sharing across devices: Share files by saving them in a OneDrive folder and generating a link to them. Shared links make the files accessible on any Windows, Android, or iOS device.
Box: Best for Those Who Need Unlimited Storage Capacities
What We Like
- Modern and simple user interface
- Offers monthly and yearly billing options, unlike competitors, such as Microsoft OneDrive
- Many third-party app integrations with popular software, like Slack, Zoom, and Teams
- Unlimited file storage available for all plans
What’s Missing
- Requires a minimum of 3 users per subscription
- More expensive than most alternatives, like Sync.com
- Slow file syncing
Box Pricing*
- Business: $20 per user, per month for unlimited file storage, unlimited e-signatures, 5GB file upload limit, technical support during local business hours, and data loss protection
- Business Plus: $33 per user, monthly for 15GB file upload limit, advanced search filters, and custom metadata and metadata templates
- Enterprise: $47 per user, per month for 50GB file upload limit, HIPAA and FedRAMP compliance, 2FA, and document watermarking
- Enterprise Plus: Custom pricing for 150GB file upload limit, additional Box apps, and enhanced services
*Box requires a minimum of three users for its Business plans.
Box is a content cloud platform that lets users share files, collaborate, and store unlimited data. The Enterprise plan is compliant with various regulations, including HIPAA and HITECH (Health Information Technology for Economic and Clinical Health). This package has advanced security features, like device trust, password policy enforcement, and admin role delegation.
Box helps healthcare providers and organizations securely store and access PHI and electronic protected health information (ePHI) from any device. Its features help streamline case management, enhance patient care coordination, and digitize the signing of forms from mobile devices.
Box works best for teams, but its pricing is more expensive than alternatives, like Sync.com. It also requires a minimum of three users per plan. Despite the higher costs, users still experience delays when syncing files.
Box Features
- Admin controls: Box provides an overview of how your files are being shared and accessed, giving you full control and visibility of your teams’ activities.
- Box APIs and SDKs: Customize Box’s capabilities according to your specific business needs through its developer tools and platform.
- E-signatures: Sign digital contracts, agreements, and letters through Box Sign—which works seamlessly with Box Business plans. It lets users create and insert unlimited e-signatures.
Google Drive: Most Affordable HIPAA-compliant Cloud Storage
What We Like
- Integrates well with the suite of Google Workspace apps
- Affordable plans
- Great for team collaboration with a real-time view of edits and comments
- Simple and easy-to-use interface
What’s Missing
- No annual discounts are available
- Occasional issues, such as disconnection and slow uploads or downloads
- Less file storage on limited plans than alternatives, such as Sync.com
Google Workspace Pricing*
- Business Starter: $6 per user, per month for 30GB of cloud storage, standard support, and 100-participant video meetings
- Business Standard: $12 per user, per month for 2TB of cloud storage, 150-participant video meetings with recordings, and paid support upgrade available
- Business Plus: $18 per user, monthly for 5TB of cloud storage, 500-participant video meetings with recordings and attendance tracking, and enhanced security tools, such as Vault
- Enterprise: Custom pricing for more than 5TB of cloud storage, video meetings with noise cancellation, and advanced security management and compliance controls
*Google Drive for businesses is integrated into Google Workspace plans.
Google Drive is a cloud storage service that enables users to store and share files online. It offers a free version for personal use, and businesses can subscribe to a Google Workspace plan. Google Workspace packages come with Drive and other apps, such as Meet, Docs, Chat, and Forms. Those looking for an all-in-one platform can also add the Google Voice app to access voice-over-internet-protocol (VoIP) phone features.
Not all Google Workspace apps can be configured for HIPAA compliance. However, Google Drive and related apps, such as Sheets, Slides, Docs, and Forms, can comply with the security rules. For customers who need systems that are HIPAA-compliant, Google provides a BAA as an addendum to the standard Google Workspace agreement.
While its pricing is affordable, note that it offers less storage capacity than Sync.com. Moreover, it doesn’t offer annual billing and volume discounts. Those who prefer to pay yearly and are not using Google Workspace should check out Box or Sync.com.
Google Drive Features
- Shared drives: Organize files in shared folders with your team to keep them up-to-date with the latest versions.
- Permission controls: Set your sharing links to provide permission for viewing, editing, downloading, or commenting.
- Third-party app integrations: Extend capabilities by integrating Google Drive with third-party apps. Some of these solutions include DocuSign for e-signatures and Lucidchart for mockups.
Dropbox Business: Easiest-to-Use HIPAA-compliant Cloud Storage
What We Like
- Volume, annual, educational, and nonprofit discounts available
- Live chat support for all users
- Simple to use
- Accessible across devices, including computers and smartphones
Dropbox Business Pricing
- Standard: $15 per user, per month with a minimum of 3 users for 5TB of storage, HIPAA compliance, and branded sharing
- Professional: $19.99 per user, per month for 1 user with 3TB of storage, Dropbox Vault, and no HIPAA compliance
- Advanced: $25 per user, monthly with a minimum of 3 users for more than 5TB of storage, device approvals, and viewer history
Dropbox Business provides a BAA so that covered entities (CEs) can configure its cloud storage platform to comply with HIPAA Security Rules. Its service offers administrative controls, such as user activity reports and user access review. Other features include linked device review and removal as well as two-step authentication.
Dropbox Business has more costly services than most of its popular competitors, like OneDrive. However, it still has some of the common cloud storage issues, such as occasional slow file synchronization and lags.
Dropbox Business Features
- Secure file sharing: Generate share links of your files or folders and add passwords or expiry dates for extra protection.
- Data backup and recovery: Set up your automatic file backups that are accessible anytime and anywhere. Users can restore or migrate files with just a few clicks.
- Device syncing: Save your files on your Dropbox folder to make them accessible across your devices. You can also configure its settings for offline access.
Amazon Web Services (AWS): Most Reliable HIPAA-compliant Cloud Storage for Developers
What We Like
- Pay-for-what-you-use pricing
- 99.99999999999% data durability
- Most scalable option on this list
What’s Missing
- Highly technical—may be overwhelming for those with basic needs
- Misconfigured S3 buckets come with risks, such as data breaches
- Complicated interface, even for technical users
Amazon AWS S3 Standard Pricing*
- First 50TB per month: 2.3 cents per GB
- Next 450TB per month: 2.2 cents per GB
- Over 500TB per month: 2.1 cents per GB
*Reflected prices are for the Amazon AWS S3 offering. This product is for storing any type of data, particularly data that is frequently accessed.
Amazon Web Services (AWS) is a cloud computing platform that offers many products, such as storage, analytics, developer tools, and business applications. Pricing options available are as follows:
- Save when you commit
- Pay less by using more
To meet the HIPAA requirements, AWS aligns its HIPAA risk management program with higher security standards, like FedRAMP and NIST 800-53. It also offers a standard Business Associate Addendum (BAA) to its customers for HIPAA compliance.
While Amazon AWS is the most scalable with great pricing options, its services are too advanced for those with basic needs. Moreover, its interface isn’t that user-friendly, even for those with technical experience.
Amazon AWS Features
- Replication: AWS allows users to automatically copy objects across buckets. You can monitor the replication progress through its notifications and detailed metrics.
- Multiregion access points: Replicate data sets across multiple AWS regions. This replication accelerates performance by up to 60%.
- Storage Lens: AWS provides cloud storage analytics, detailing organization-wide activity trends and usage. It also offers actionable suggestions to help apply best practices for data protection and to improve the solution’s cost-efficiency.
How We Evaluated the Best HIPAA-compliant Cloud Storage Service Providers
When analyzing secure cloud storage providers, we found that not all are HIPAA-compliant. We looked for solutions that offer the required agreements and suggested security measures to protect the customers’ PHI and ePHI. We considered pricing and focused on their general and advanced features, as well as our own analysis of their offerings.
20% of Overall Score
We looked into HIPAA-compliant file storage solutions that provide a free plan with a reasonable amount of storage. We checked out which providers offer monthly and yearly billing options and those that provide discounts for annual contracts and businesses with more users.
30% of Overall Score
We analyzed cloud storage services that offer at-rest and in-transit data encryption. We also ensured that there are more security measures in place, such as access control and data classification. We also considered those that provided generous storage capacity, including those with unlimited offers.
20% of Overall Score
We scored service providers based on their additional capabilities as well as the scalability of their platforms. We checked which solutions offer third-party integrations with popular apps for workflow efficiency. We also checked their reliability and the variety of file types they support.
30% of Overall Score
We evaluated their platform’s ease of use and value for money. We also looked into their popularity and customer reviews about their experiences with their services. Finally, we considered our own experience and overall insights on each cloud solution.
Confidential health data are commonly stored in the cloud. Choose among the most secure cloud storage services to protect your clients’ sensitive data and stay compliant with HIPAA privacy rules. Ensure that they sign a BAA with a HIPAA-compliant entity. Check out Sync.com, Microsoft OneDrive, Box, Google Drive, Dropbox Business, and Amazon AWS to determine which cloud platform stores PHI and works best for you.