6 Best HIPAA-compliant Cloud Storage Providers in 2023
This article is part of a larger series on Unified Communications.
The best Health Insurance Portability and Accountability Act (HIPAA)-compliant cloud storage providers offer robust integrations, built-in productivity tools, and small business-friendly pricing. When looking for cloud storage solutions, it’s important to check if they have essential security features like audit trails and robust encryption. Other crucial security features to look out for include advanced sharing tools like file passwords, notification alerts, and unlimited data upload and storage.
Based on our expert review of several providers, here are the six best HIPAA-compliant cloud storage providers and their top use cases:
- Microsoft OneDrive: Best overall HIPAA-compliant cloud storage provider
- Amazon AWS: Best for dedicated storage of high-resolution photos and videos
- Dropbox Business: Best for simple, easy-to-use cloud storage
- Sync.com: Best for encryption and advanced sharing options
- Box: Best for unlimited storage capacities
- Google Drive: Best for low-cost cloud storage solutions
HIPAA compliance refers to federal regulatory standards regarding the lawful use and disclosure of protected health information (PHI) in the United States. These national standards are critical for healthcare entities, such as health insurance companies and clinics, and safeguard PHI from disclosure without patient knowledge or consent. HIPAA compliance is regulated by the Department of Health and Human Services (HHS).
Best HIPAA-compliant Cloud Storage Providers at a Glance
HIPAA File Storage Provider | Monthly Starting Price (per User) | Key Features | Maximum Storage Capacity | FSB Rating |
|---|---|---|---|---|
 | $5 |
| 1TB per user | 4.49 out of 5 |
 | Pay-as-you-go, 2.3 cents per GB, $1.99 for 100GB of photos and videos |
| Unlimited | 4.42 out of 5 |
 | $11.99 |
| 5TB* | 4.13 out of 5 |
 | $8 |
| Unlimited | 4.01 out of 5 |
 | $16 |
| Unlimited | 3.84 out of 5 |
 | $6.48 |
| 5TB** | 3.63 out of 5 |
*Dropbox’s Advanced and Enterprise plans offer as much space as needed and only the Business plans support HIPAA compliance.
**Google Drive Enterprise users can request more storage space.
Did you know HIPAA compliance also extends to video conferencing? HIPAA protects sensitive PHI from being disclosed without the patient’s knowledge. Healthcare providers using video conferencing need to use platforms that meet HIPAA regulations and standards. Read our best HIPAA-compliant video conferencing providers if this is a service you require.
Microsoft OneDrive: Best Overall HIPAA-compliant Cloud Storage Provider
Overall Score:
4.49 / 5
What We Liked
- Seamless integration with Microsoft 365 apps
- Strong security features like advanced encryption standard (AES) 256-bit at-rest and in-transit data encryption and two-factor authentication (2FA)
- Offers custom domain name
Where It Falls Behind
- Microsoft Teams is not available with OneDrive business plans
- Only Plan 2 offers unlimited individual cloud storage
- No monthly payment option
Microsoft OneDrive Monthly Pricing (per User)*
- OneDrive for Business (Plan 1): $5 for 1TB total storage, file size up to 100GB, file sharing, mobile apps, data encryption, and 24/7 support
- OneDrive for Business (Plan 2): $10 for unlimited individual cloud storage, file auditing and reporting, data retention, and advanced data loss prevention
- Microsoft 365 Business Basic: $3 for 1TB total storage, maximum of 300 people, Microsoft apps web versions, unlimited HD video conferences for up to 250 people, file sharing in MS Teams, and MS Teams hub
- Microsoft 365 Business Standard: $10 per for 1TB total storage, updated version of other Microsoft 365 apps, Microsoft Planner, and Yammer
*Subscriptions are paid annually, and prices do not include taxes.
Microsoft OneDrive is our top choice for the best HIPAA-compliant cloud storage provider because of its robust security features and seamless Microsoft integration. It’s a convenient file storage service with document sharing and collaboration features, such as coauthor, mentions, and block downloads. A Microsoft 365 subscription provides advanced protection, including ransomware detection and recovery, OneDrive restore, and personal vaults.
Microsoft applies a standard business associate agreement (BAA) when users handling PHI subscribe to a plan. Its services covered under the BAA have undergone audits by accredited independent auditors for Microsoft International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 certification and the HITRUST Common Security Framework (HITRUST CSF) certification.
Unfortunately, Microsoft OneDrive does not offer monthly contracts, only annual contracts. If you’re looking for a feature-rich cloud-storage solution with monthly billing, check out Google Drive. It offers seamless integration with Google apps providing a cloud-storage solution with access to voice-over-internet-protocol (VoIP) and productivity services. Google Drive offers a free personal plan with 15GB of cloud storage.
Microsoft OneDrive Features
OneDrive has a personal vault protected by identity verification. (Source: Microsoft)
- Personal vault: This is OneDrive’s special folder where you can store your sensitive and highly confidential files. It’s password-protected, and you can add a personal identification number (PIN), face scan, or fingerprint for extra security.
- Comment notifications: Get notified when someone adds comments to a document or replies to a comment on files stored in OneDrive. If this is too distracting, simply turn off this feature.
- Document scanning: Use your phone as a hand-held document scanner and store digital copies of all critical files, such as receipts, notes, and business cards, in OneDrive.
Amazon AWS: Best for Dedicated Storage of High-resolution Photos & Videos
Overall Score:
4.42 / 5
What We Liked
- Provides several cloud storage services, including S3 and Amazon Photos
- Designed for at least 99.999999999% annual durability
- Amazon Macie, which discovers and protects sensitive data stored in Amazon S3
Where It Falls Behind
- Complex functionality requires technical know-how
- Customers have reported auto-uploading glitches
- Reported issues of downtime and network connectivity
Amazon AWS Pricing*
Amazon Photos Storage Monthly Pricing:
- 5GB: Complementary storage
- 100GB: $1.99 for about 50,000 photos at 2MB or 14 hours of 1080p HD video
- 1TB: $6.99 for about 500,000 photos at 2MB or 140 hours of 1080p HD video
- 2TB: $11.99 for about 1,000,000 photos at 2MB or 280 hours of 1080p HD video
S3 Standard Monthly Pricing:
- First 50TB: 2.3 cents per GB
- Next 450TB: 2.2 cents per GB
- Over 500TB: 2.1 cents per GB
*Opt for Amazon Photos annual payment and save 16% to 28% yearly. Options for 3TB to 30TB are available starting at $179.97 yearly.
As a HIPAA-compliant provider, Amazon Photos cloud storage is ideal for businesses looking for secure full-resolution images and video storage. Amazon Photos subscribers get 5GB photo and video storage, while Amazon Prime members get free, unlimited full-resolution photo storage plus 5GB video storage. This affordable solution is excellent for photographers or ad and marketing teams handling high-volume images daily.
In addition to Amazon Photos, AWS’ Amazon’s Simple Storage Service (S3) is a secure platform that stores and encrypts upload objects. Only users can access the S3 resources they create by default unless direct access is granted to others. S3 is compliant with programs such as PCI DSS (Payment Card Industry Data Security Standard), HIPAA/HITECH, European Union (EU) Data Protection Directive, and Federal Information Security Management Act (FISMA).
Amazon Photos is a secure online storage service for photos and videos, while S3 is a simple, bare-boned HIPAA-compliant cloud service designed to store and retrieve any type or amount of data from anywhere. Suppose you want a unified communications (UC) cloud storage solution with robust productivity tools. In that case, you’re better off with Microsoft OneDrive or Google Drive, which seamlessly integrates with Microsoft 365 and Google.
Amazon AWS Features
Use your photos as your Amazon device screensaver. (Source: Amazon)
- Amazon prints: Easily create print projects for your Amazon photos account and have them shipped to specific locations and addresses. This feature is available to all U.S. Amazon customers.
- Photo sharing: Create groups based on relationships, events, and interests. Users can create up to 2,500 groups and invite up to 50 members per group.
- Upload, download, and edit: Manage your Amazon Photos folder and group content using any compatible device.
Dropbox Business: Best for Simple, Easy-to-use Cloud Storage
Overall Score:
4.13 / 5
What We Liked
- Uncomplicated and straightforward design
- Allows users to incorporate existing personal accounts to a business account
- Has a remote-wipe security feature
Where It Falls Behind
- Limited to three free signature requests per month
- Alerts and notifications are only available under the Enterprise plan
- No phone support on lower-tier plans
- Fairly expensive for small teams and businesses
Dropbox Business Monthly Pricing (per User)*
- Free: 2GB of storage
- Plus: $11.99 for 2TB, unlimited device linking, 30-day file and account history, 2GB file delivery, and three free signatures
- Family: $19.99 for 2TB, six users, family room folder, and single billing
- Professional: $19.99 for 3TB, advanced sharing controls and file locking, 180-day file and account recovery, and up to 100GB file delivery
- Standard: $18 for a minimum of three users, 5TB, content protection and external sharing controls, file and account recovery for up to 180 days, automatic backup, and HIPAA compliance
- Advanced: $30 for more than three users, always on security monitoring, notifications, and alerts, data classification
*Dropbox offers annual billing for greater savings. The Advanced and Enterprise plans offer as much space as needed.
Dropbox Business is an easy-to-use, reliable, and secure file storage solution with basic content collaboration tools like file requests, assigned sharing roles, and password protection. The most significant advantage of Dropbox is its simplicity—its drag-and-drop design makes it easy for users to upload files into folders. For less tech-oriented individuals using Dropbox for backup, its synchronization feature updates your cloud files when changes are made to the desktop app.
Dropbox’s Standard and Advanced plans are HIPAA-compliant, making it a viable option for hospitals, doctors, and other medical clinics to meet HIPAA and HITECH legal requirements. Strengthen the security of your PHI by linking third-party apps like Active Directory to your Dropbox Business account for greater functionality. Active Directory authenticates the identity of your team members to ensure your data is safe and secure.
Unfortunately, Dropbox’s free plan is limited to 5GB, and HIPAA-compliant file storage is only available in two of the highest monthly plans, which start at $18 per user. Microsoft OneDrive is a more affordable option, thanks to its monthly base plan that starts at just $5 per user. Although it only offers annual billing, a subscription gives you access to Microsoft’s productivity tools and services suite.
Dropbox Business Features
Connect apps like Slack and HelloSign to your Dropbox account. (Source: Dropbox)
- Expiring links: Limit access to your shared files by setting expiration dates on your shared links.
- Full text: Search the content of all files, including those scanned, using your Dropbox mobile app. This feature is available for all Dropbox plans
- Dropbox paper: Collaborate in real time, assign tasks, and make and share to-do lists from this co-editing tool. Paper is a single workspace for your team to create and collaborate on.
Sync.com: Best for Encryption & Advanced Sharing Options
Overall Score:
4.01 / 5
What We Liked
- All paid plans come with General Data Protection Regulation (GDPR) and Personal Information Protection and Electronic Documents Act (PIPEDA) compliance
- Up to 365-day file history and recovery
- Offers custom branding
Where It Falls Behind
- Lacks third-party tools integration
- Doesn’t offer monthly billing
- Reports of slow data syncing
Sync.com Monthly Pricing (per User)*
- Free: 5GB of storage and basic sharing features
- Solo Basic: $8 for 2TB of storage, unlimited data transfer, end-to-end encryption, and advanced sharing
- Solo Professional: $20 for 6TB of storage, custom branding, and HIPAA compliance
- Team Standard: $6 for 1TB of storage, a minimum of two users, and advanced administration tools
- Team Unlimited: $15 for unlimited storage, a minimum of two users, 365-day history, VIP response time, and on-demand business hour phone support
*Sync.com only offers annual billing.
Sync.com has excellent security and sharing options that restrict unauthorized access to all files. It boasts of a zero-knowledge encryption policy, available even in the free plan, which prevents the decryption of files stored on its servers. This guarantees data security because Sync.com does not have access to the encryption keys used to encrypt and decrypt keys to your account.
Sync.com is a security-focused HIPAA-compliant file storage with excellent sharing options, such as password-protected sharing, download limits, and file sharing expirations. These features ensure you have ultimate control over your shared information and data.
While Sync.com is an excellent HIPAA-compliant service provider, businesses looking to streamline business applications are better off with a platform offering robust integrations. Check out Dropbox Business, which integrates with popular productivity and team collaboration apps like Slack and Zoom. For more information on productivity and collaboration tools, specifically virtual meeting solutions, read our best video conferencing software guide.
Sync.com Features
Share your files securely using your computer and mobile devices. (Source: Google Play)
- Automatic camera upload: Turn on this optional feature and Sync.com will automatically upload copies of your mobile device’s photos and videos. These will be stored in a “Camera Uploads” folder and synchronize with your computer and all connected devices.
- Sync vault: This is a cloud-only storage space typically used to store backup folders and files. This is great for freeing up space on your mobile devices, especially when traveling for business.
- File request with links: Easily and securely receive files from people, and they will only upload to your specified folders.
Box: Best for Unlimited Storage Capacities
Overall Score:
3.84 / 5
What We Liked
- Offers a free plan and monthly and yearly billing
- Extensive third-party app integrations
- Offers unlimited file storage
Where It Falls Behind
- Business plans require at least three users per subscription
- Reports of slow file syncing
- HIPAA compliance only available under Enterprise plan
Box Monthly Pricing (per User)
- Free: 10GB of storage, 250MB file upload limit, and five documents for e-sign
- Personal Pro: $16 for a single user, 100GB of storage, 5GB file upload, 10 file versions, 15 docs for e-sign, and unlimited templates
- Business Starter: $7 for at least three users, 100GB of storage, 2GB file upload, 25 file versions, 10 docs for e-sign per user, and unlimited templates
- Business: $20 for at least three users, 5GB file uploads, unlimited storage, 1,500-plus integrations, unlimited e-signatures, and data loss protection
- Business Plus: $33 for at least three users, unlimited storage and external collaborations, 15GB file uploads, advanced search filters, and custom metadata and templates
- Enterprise: $47 for at least three users, 50GB file uploads, HIPAA and Federal Risk and Authorization Management Program (FedRAMP) compliance, watermarking, and advanced security
- Enterprise Plus: Custom pricing for 150GB file upload limit, additional Box apps, and enhanced services
Box offers unlimited cloud storage and has a robust list of third-party app integrations. Its plan selection includes free and personal accounts to business and enterprise plans. Box is geared toward companies as its unmetered plans unlock under the Business and Enterprise tiers. It has no caps on the number of files you can upload but has file size restrictions. Users on the most popular plan, Business Plus, have a single file upload limit of 5GB.
Box integrates with over 1,500 apps, providing teams with a unified content experience. Integrate it with the tools your business uses regularly, such as Salesforce and Smartsheet. Check the Box App Center, and if your preferred apps like Shopify and QuickBooks integrations are not available, try Zapier to connect Box with other popular applications.
Box provides file storage and sharing, content management, collaboration, e-signature, and workflow solutions in a single platform. Its enterprise plans comply with various regulations, including HIPAA, HITECH, and FedRAMP. These plans come with other security features, such as device trust, password policy enforcement, and document watermarking.
Box works best for teams since the business and enterprise plans require a minimum of three users per plan. If you’re a solopreneur or professional who needs a single-user account, check out Sync.com. Its solo professional plan is priced at $20 per user, monthly, and comes with 6TB of storage, custom branding, and HIPAA compliance.
Box Features
Share links to files and folders to actively collaborate in real time. (Source: Box)
- Box Canvas: Collaborate with colleagues in real time using Box’s whiteboard to build out ideas, plans, and protocols. Use this tool to manage interactive meetings and workshops.
- Box AI: Use this artificial intelligence (AI) tool to summarize documents, generate meeting agendas, and outline action items. This tool can help create content by drafting press releases and writing personalized sales emails.
- Box Notes: Level off and get everyone on the same page using Box Notes. It lets users share ideas and take live notes online to boost productivity and teamwork.
Google Drive: Best for Low-cost Cloud Storage Solutions
Overall Score:
3.63 / 5
What We Liked
- Integrates with Docs, Sheets, Slides for collaborative content creation
- Offers two-step security verification
- Meeting recordings can be saved to Drive
Where It Falls Behind
- Reliance on a Google account
- Limited offline access and functionality
- Slow download and upload speeds
Google Drive Monthly Pricing (per User)*
- Free: Personal plan with 15GB per user with 100 video conferencing participants, Gmail, and self-service support
- Business Starter: $6.48 for 30GB of pooled cloud storage, business email, 100-participant video meeting, and standard support
- Business Standard: $12.96 for 2TB of pooled cloud storage, email with eDiscovery and retention, 500-participant video meetings with recordings and attendance tracking, and enhanced security and management
- Business Plus: $21.60 for 5TB of pooled cloud storage, 500-participant video meetings with recordings and attendance tracking, and enhanced security tools, such as Vault
- Enterprise: Custom pricing for 5TB of pooled cloud storage, email with encryption, 1,000-person video meetings with noise cancellation and in-domain live streaming, and enhanced support
*The Starter, Standard, and Plus plans have a maximum of 300 users. Gain more savings when you opt for annual subscriptions.
Google Drive is an easy-to-use, great value secure cloud storage option, excellent for existing Google Workspace users. Google offers a free personal plan with 15GB of secure cloud storage and access to Google Workspace apps like Docs, Sheets, Calendar, and Meet. Google Workspace business plans have flexible pooled storage per user shared across the organization, starting at 30GB on the base plan.
Google Workspace—including Google Drive—supports HIPAA compliance. Google Workspace and Cloud Identify customers subject to HIPAA must sign a Business Associate Agreement (BAA) with Google, and this covers other Google apps, such as Gmail, Google Drive, Google Calendar, and Google Vault.
Google Drive offers excellent productivity tools, generous free plan storage, and cross-platform integration, but no password protection features exist for shared files. If you need this additional security measure, Sync.com is for you. It offers advanced sharing features like restricted downloads and password-protected sharing.
Are you a Google user interested in Google’s VoIP services? Check out our Google Voice review that details Google’s free local phone number services. Learn more about its use cases, pricing, and Google integration benefits.
Google Drive Features
Google Drive supports over 100 file types, including Microsoft Office file formats. (Source: Google Play)
- File syncing: Easily sync files from your computer, mobile devices, and tablets without worrying about transferring or uploading files manually. Sync photos, videos, documents, and other files with Google Drive and select what files you want to be synced.
- Advanced search: Google Drive’s advanced search features are handy when you have many files in your drive. You can search for files and folders that contain specific words in the title or content.
- File scanning: Download the Google Drive mobile app and use your camera to scan an image and save it directly to your drive.
How We Evaluated the Best HIPAA-compliant Cloud Storage Providers
We examined various cloud storage solutions supporting HIPAA compliance and looked at which platforms provide free subscriptions, annual billing, and volume-based discounts. We also considered its general and niche features, like unlimited data transfer, file restoration, and offline access. We rated each provider according to price and features to develop scoring criteria showing overall value and ease of use.
Learn how we evaluated the best HIPAA-compliant cloud storage providers by clicking on the tabs below:
20%
Pricing
25%
General Features
20%
Advanced Features
10%
Ease of Use
10%
Customer Support
15%
Expert Score
20% of Overall Score
We reviewed the prices of all HIPAA-compliant online storage providers, including discounts for annual prepayment and multiple user subscriptions. Moreover, we looked at the availability of free trials and the cost of its base plan.
25% of Overall Score
We examined each provider’s general features, including whether it offers unlimited data transfer and storage. We also prioritized solutions with file restoration and team collaboration tools like whiteboarding.
20% of Overall Score
For niche features, we considered a provider’s security metrics, industry standard compliance, and offline access. Similarly, we awarded additional points if solutions supported robust software integrations.
10% of Overall Score
We assessed each provider’s user-friendliness by testing it to see if the platform is intuitive and evaluate its interface design. We checked user reviews from reliable websites and considered if there were learning curves during the setup and configuration phase.
10% of Overall Score
This criterion refers to the support channels offered by HIPAA-compliant data storage solutions figured into our overall rating. We checked each provider’s customer support channels, such as phone, live chat, and email. Additional points are given if all support channels are available 24/7.
15% of Overall Score
We assessed each provider’s overall performance and quality by considering its standout features and value for money. The provider’s popularity and user-friendliness were also part of our criteria.
*Percentages of overall score
Frequently Asked Questions (FAQ)
Yes, several VoIP providers, such as Dialpad and RingCentral, support HIPAA compliance. Healthcare providers must ensure that their partners and service providers follow HIPAA guidelines and protect sensitive PHI data.
HIPAA compliance is required for entities handling PHI, and companies and individuals who violate HIPAA standards will face penalties ranging from fines to imprisonment.
Cloud storage is better than local storage for two main reasons: price and accessibility. Cloud storage saves data like files, videos, or images on remote servers managed by third-party providers and is accessible via the internet. Thus, cloud storage can be accessed anywhere, and because it has no physical storage requirements, subscriptions to cloud storage plans are more cost-effective.
Bottom Line
Professionals and teams operating a medical practice with access to confidential health data must comply with HIPAA standards and regulations. While many cloud storage solutions exist, the best HIPAA-compliant cloud storage provider depends on your budget, storage capacity needs, and preferred security features like file-sharing passwords and expiration dates.
Based on our review, Microsoft OneDrive received the highest rating because it offers robust security features, competitive pricing, and seamless integration with Microsoft tools. Try out Microsoft 365’s one-month free trial to determine if it’s the right solution.
