This article is part of a larger series on Unified Communications.
The best HIPAA (Health Insurance Portability and Accountability Act)-compliant cloud storage providers protect patients’ health information by implementing physical, technical, and administrative safeguards. These solutions include access controls, risk management, data encryption and classification, and security tools. We’ve identified the top HIPAA-compliant cloud storage options that strictly adhere to national standards.
The best HIPAA-compliant file storage providers and their best use cases are:
- Sync.com: Best for teams that need a tool to send large file sizes
- Microsoft OneDrive: Best for existing users of Microsoft Office apps
- Box: Best for enterprises that need unlimited storage capacity
- Google Drive: Best for small businesses on a tight budget
- Dropbox Business: Ideal for non-tech-savvy users who want an easy-to-use app
- Amazon AWS: Best for developers looking for the most reliable cloud storage platform
What is HIPAA-compliant cloud storage?
A VoIP or unified communication cloud storage provider that stores protected health information (PHI) is considered a business associate (BA). To ensure HIPAA compliance, BAs must sign a business associate agreement (BAA) with the healthcare organization. This agreement states the BA's compliance with HIPAA requirements.
Top HIPAA-compliant Cloud Storage Solutions at a Glance
HIPAA-compliant Cloud Storage Providers
Starting Price for HIPAA-compliant Plans
Maximum Storage Capacity
$5 per user, per month, billed annually
$10 per user, per month, billed yearly
$47 per user, per month, with a minimum of 3 users
5 TB or more
$15 per user, per month
5TB or more
Pay-as-you-go, 2.3 cents per GB for the first 50TB per month
Many cloud storage service providers offer robust security features to protect their customers’ data. However, that doesn’t mean all of them are HIPAA-compliant. Below are six HIPAA-compliant cloud storage providers for covered entities and businesses to consider:
Sync.com: Best for Sharing Large Files Securely
Sync.com is a cloud storage service provider that allows users to collaborate and share large files online. Its HIPAA-compliant plans start at its “Solo Professional” tier. A wide range of security features is available to help protect sensitive information. These capabilities include granular permissions, file history and recovery, and two-factor authentication (2FA).
Sync.com doesn’t offer a monthly payment cycle, requiring users to subscribe yearly. If you are not ready for a long-term commitment, consider alternatives like Dropbox Business, which you can pay for month-to-month. Moreover, Sync.com does not offer a 24/7 live chat support channel, and there are occasional slow file syncing issues.
Sync.com Features
- File sharing with enterprise-grade security: Share files without having to download any software. All users are protected with end-to-end encryption and additional safeguards, such as 2FA and a SOC 2 Type 1 attestation.
- Team collaboration: Create centralized team folders, manage granular permissions, and get real-time team oversight from anywhere.
- Client file portal: Set up a portal for your client—complete with your company’s branding. This professional dashboard makes it easy to share files in a secure manner.
Microsoft OneDrive: Best for Microsoft Apps Integration
*Unlimited file storage is available for subscriptions with five-plus users.
Microsoft OneDrive is a cloud storage service that enables teams to securely share files from anywhere. Its HIPAA-compliant plans have BAAs audited by accredited independent auditors, leading to Microsoft's ISO/IEC 27001 certification and HITRUST CSF certification. Other features include data encryption and retention, sensitivity labels, and file auditing and reporting.
Microsoft OneDrive requires users to subscribe to annual contracts. Its unlimited storage capacity is only available in some plans that require customers to register at least five users. Alternatives with monthly and annual payment cycles, like Box, offer unlimited storage in all plans and only require a minimum of three users.
Microsoft OneDrive Features
- Document scanning: Scan and store documents, such as receipts, notes, and business cards, using your mobile device.
- Personal Vault: Add an extra layer of security to store your sensitive files through its Personal Vault feature.
- File sharing across devices: Share files by saving them in a OneDrive folder and generating a link. Shared links make the files accessible on any Windows, Android, or iOS device.
Box: Best for Those Who Need Unlimited Storage Capacities
*Box requires a minimum of three users for its Business plans.
Box is a content cloud platform that lets users share files, collaborate, and store unlimited data. The Enterprise plan is compliant with various regulations, including HIPAA and HITECH (Health Information Technology for Economic and Clinical Health). This package has advanced security features, like device trust, password policy enforcement, and admin role delegation.
Box helps healthcare providers and organizations securely store and access PHI and electronic protected health information (ePHI) from any device. Its features help streamline case management, enhance patient care coordination, and digitize the signing of forms from mobile devices.
Box works best for teams, but it is more expensive than alternatives, like Sync.com. It also requires a minimum of three users per plan. Despite the higher costs, users still experience delays when syncing files.
Box Features
- Admin controls: Box provides an overview of how your files are being shared and accessed—providing you full control and visibility of your teams’ activities.
- Box APIs and SDKs: Customize Box’s capabilities according to your specific business needs through its developer tools and platform.
- E-signatures: Sign digital contracts, agreements, and letters through Box Sign—which works seamlessly with Box Business plans. It lets users create and insert unlimited e-signatures.
Google Drive: Most Affordable HIPAA-compliant Cloud Storage
*Google Drive for businesses is integrated into Google Workspace plans.
Google Drive is a cloud storage service that enables users to store and share files online. It offers a free version for personal use, and businesses can subscribe to a Google Workspace plan. Google Workspace packages come with Drive and other apps, such as Meet, Docs, Chat, and Forms. Those looking for an all-in-one platform can also add the Google Voice app to access voice-over-internet-protocol (VoIP) phone features.
Not all Google Workspace apps can be configured for HIPAA compliance. However, Google Drive and related apps, such as Sheets, Slides, Docs, and Forms, can comply with the security rules. For customers who need systems that are HIPAA-compliant, Google provides a BAA as an addendum to the standard Google Workspace agreement.
While its pricing is affordable, note that it offers less storage capacity than Sync.com. Moreover, it doesn’t offer annual billing and volume discounts. Those who prefer to pay yearly and are not using Google Workspace should check out Box or Sync.com.
Google Drive Features
- Shared drives: Organize files in shared folders with your team to keep them up-to-date with the latest versions.
- Permission controls: Set your sharing links to provide permission for viewing, editing, downloading, or commenting.
- Third-party app integrations: Extend capabilities by integrating Google Drive with third-party apps. Some of these solutions include DocuSign for e-signatures and Lucidchart for mockups.
Dropbox Business: Easiest-to-Use HIPAA-compliant Cloud Storage
Dropbox Business provides a BAA for covered entities (CEs) to configure its cloud storage platform and comply with HIPAA Security Rules. Its service offers administrative controls, such as user activity reports and user access review. Other features include linked device review and removal as well as two-step authentication.
Dropbox Business is more costly than most of its popular competitors, like OneDrive. However, it still has some of the common cloud storage issues, such as occasional slow file synchronization and lags.
Dropbox Business Features
- Secure file sharing: Generate share links of your files or folders and add passwords or expiry dates for extra protection.
- Data backup and recovery: Set up automatic file backups that are accessible anytime and anywhere. Users can restore or migrate files with just a few clicks.
- Device syncing: Save your files in your Dropbox folder to make them accessible across your devices. You can also configure its settings for offline access.
Amazon Web Services (AWS): Most Reliable HIPAA-compliant Cloud Storage for Developers
*Reflected prices are for the Amazon AWS S3 offering. This product is for storing any data type, specifically data that is frequently accessed.
Amazon Web Services (AWS) is a cloud computing platform that offers many products, such as storage, analytics, developer tools, and business applications. Pricing options available are as follows:
- Save when you commit
- Pay less by using more
To meet the HIPAA requirements, AWS aligns its HIPAA risk management program with higher security standards, like FedRAMP and NIST 800-53. It also offers a standard Business Associate Addendum (BAA) to its customers for HIPAA compliance.
While Amazon AWS is the most scalable with great pricing options, its services are too advanced for those with basic needs. Moreover, its interface isn’t that user-friendly, even for those with technical experience. If you are looking for an easy-to-use platform, you can look into simpler providers like OneDrive or Box.
Amazon AWS Features
- Replication: AWS allows users to automatically copy objects across buckets. You can monitor the replication progress through its notifications and detailed metrics.
- Multiregion access points: Replicate data sets across multiple AWS regions. This replication accelerates performance by up to 60%.
- Storage Lens: AWS provides cloud storage analytics, detailing organization-wide activity trends and usage. It also offers actionable suggestions to help apply best practices for data protection and to improve the solution’s cost-efficiency.
How We Evaluated the Best HIPAA-compliant Cloud Storage Service Providers
When analyzing secure cloud storage providers, we found out that not all are HIPAA-compliant. We looked for solutions that offer the required agreements and suggested security measures to protect the customers’ PHI and ePHI. We considered pricing and focused on their general and advanced features, as well as our own analysis of their offerings.
20% of Overall Score
We looked into HIPAA-compliant file storage solutions that provide a free plan with a reasonable amount of storage. We checked out which providers offer monthly and yearly billing options and those that provide discounts for annual contracts and businesses with more users.
30% of Overall Score
We analyzed cloud storage services that offer at-rest and in-transit data encryption. We also ensured that there are more security measures in place, such as access control and data classification. We also considered those that provided generous storage capacity, including those with unlimited offers.
20% of Overall Score
We scored service providers based on their additional capabilities as well as the scalability of their platforms. We checked which solutions offer third-party integrations with popular apps for workflow efficiency. We also checked their reliability and the variety of file types they support.
30% of Overall Score
We evaluated their platform’s ease of use and value for money. We also looked into their popularity and customer reviews about their experiences with their services. Finally, we considered our own experience and overall insights on each cloud solution.
Confidential health data are commonly stored in the cloud. Choose among the most secure cloud storage services to protect your clients’ sensitive data and stay compliant with HIPAA privacy rules. Ensure that they sign a BAA with a HIPAA-compliant entity. Check out Sync.com, Microsoft OneDrive, Box, Google Drive, Dropbox Business, and Amazon AWS to determine which cloud platform stores PHI and works best for you.