HIPAA Compliant File Sharing Review
September 18, 2017
This is an update of a Total HIPAA file-sharing blog published on July 19, 2016:
We’ve added four new vendors to the list – Accellion, Egnyte, FTP Today, and Syncplicity. Also, Google Drive for Business is modified and is now branded as G Suite.
File sharing is a critical tool used by businesses and healthcare providers to easily share, control, and protect important files stored in the cloud. These applications are indispensable to businesses and individuals that require more space to store their files and the desire of adding flexibility to access information anywhere.
These are incredibly powerful tools, but at the same time, they can be challenging. You are trusting a third party with important files and anytime information is out of your control, it can be hacked, corrupted or lost.
There are many options for you and your business when you’re looking for programs to use. We will provide you with a basic overview of each product, its security measures, the setup, and the pricing. This information will help you decide which application will work best for you and your business.
This list does not review all the products available. There are other options in the marketplace. In this blog, we have selected some of the more popular ones. Most importantly, all the products reviewed are HIPAA compliant file sharing applications. You may scroll down to the table provided and read highlights of the review.
HIPAA compliant file sharing apps that we reviewed are following:
Accellion – HIPAA compliant file sharing service
Kiteworks has received FIPS 140-2 Level 1 Validation and is compliant with ISO27001 certification. AES 256-bit encryption is used in both at-rest and in-transit data transfer. Kiteworks includes many handy features such as being able to see when your file is downloaded, a full activity log available to the sender and administrators, view
Kiteworks can be accessed in many convenient ways, such as their Microsoft Outlook plugin or desktop Windows Explorer or Finder applications. Native iOS and Android apps, and Microsoft 365 integration bring compatibility for your business no matter your device situation. You will need to contact them for a Business Associate Agreement (BAA).
Accellion starts at $15 per month per user. For enterprise features such as private cloud or 100% on-premise storage, there is custom pricing depending on the desired configuration. Learn more about pricing here.
Box uses encryption in-transfer with Transport Layer Security (TLS) and multi-layered encryption at-rest with AES 256-bit. They support other encryption cipher suites such as RC4 and they use strong password authentication and allow you to turn on two-factor authentication. They also have multiple levels of permission for accessing files in order to be sure only authorized people to have access to certain files.
Dropbox is one of the most popular file-sharing programs in the market. One of the strengths of this program is many of your employees will be familiar with this program. Until 2015, Dropbox was not a HIPAA compliant solution, not because their security standards were not strong enough, but because they refused to provide a BAA. Now, if you select Dropbox Business, they will sign a Business Associate Agreement, which means this could be a great solution for your company.
Additionally, Dropbox provides a BAA electronically via the Account page in the Admin Console. The Admins console also provides these features: activation of two-factor authentication, activity reports, ability to disable permanent deletion, monitoring of access and activity across the platform, user account permissions, and mobile security. Dropbox Business features a Standard and Advanced version. Dropbox Business Advanced has a number of advanced settings for file tracking, admin roles, and device approvals among other features. Visit their website to review which version might best fit your organization’s needs.
Dropbox has enterprise-grade security protection on files with 256-bit AES for files at-rest. TLS and Secure Sockets Layer (SSL) encryption are used for data transfers between Dropbox Applications and their servers to assure a protected channel with 128-bit or higher AES encryption. Dropbox Business has been audited and received SOC 2 and ISO 27001 compliance. Dropbox allows access to your files on any smartphone or tablet through their application, and the standard business plan features 2 TB of space. They let you create passwords and expirations for links in order to determine who can access a shared link and for what amount of time. There is also a remote wipe feature in case of a lost or stolen device.
Business Standard pricing is $15.00/user/month or $12.50/user/month if paid annually. Business Advanced is $25.00/user/month or $20.00/user/month if paid annually. Neither versions have a limit to file sizes, but Standard has a 2 TB storage limit and Advanced is unlimited. The subscription requires a minimum purchase of 3 user licenses, but this doesn’t mean you can’t have less than 3. Organizations can save or reuse licenses. This option offers as much space as needed for storage as well as a 30-day free trial before purchasing.
Egnyte offers Egnyte Connect, a file sharing service that has some attractive features in their business tier including smart reporting and auditing so you can have complete confidence in your data using system-wide analytics.
With Egnyte, you can expect multi-factor authentication, auditing capabilities, and SSAE 16 certified data centers to secure your information. Locally stored files, at-rest data, and in-transit data are all protected with AES 256-bit encryption. This service is ISO/IEC 27001:2013 certified to secure your data.
Egnyte Connect’s platform is accessible from desktop, mobile, and in-browser. They will enter into a Business Associate Agreement when you sign up for the service. Because this service is per employee, you will need to purchase and set up licenses for each of your employees.
Egnyte offers this service on a per employee basis. A business tier is a good option for most businesses at $15.00/user/month with access to features like audits or multi-factor authentication and more. The business tier allows up to 10 TB of storage with a maximum file size of 10GB. It is important to note that you will need the enterprise tier if you have more than 100 employees. A 15-day free trial is available for the business plan, while you will need to call 1-877-734-6983 for pricing of the more advanced level.
About FTP Today
FTP Today prides themselves on the fact that their service is built around regulatory compliance and strong security. You can choose between FTP, HTTPS, FTPS,
FTP Today Security
Files are protected with very strong 2048-bit encryption in-transit, and can be configured to be encrypted with AES 128-bit encryption at-rest (only with the purchase of the Compliant Enterprise Package). FTP Today ensures security under SOC 1 and SOC 2 Type II audits as well as ISAE 3402 and AT-101 audit standards. Their data centers are also certified ISO/IEC 27001:2013, to protect and ensure your organization’s data.
FTP Today Set-Up
This file sharing service has many methods for access ranging from an in-browser web app to standalone software. Depending on your use case, being able to manage files without having to install software could be a very useful feature. FTP Today provides a BAA available for download on their website.
FTP Today Pricing
They offer several subscription packages based on your business needs. However, to get access to important features such as at-rest encryption or FIPS 140-2 Cipher Enforcement, your organization will want to go with the Compliant Enterprise tier or above which is $250.00 per month, or $225.00 per month if paid annually. This higher tier will come with unlimited users, so it may not be much more expensive than some other options. With the Compliant Enterprise package, your organization will receive an unlimited amount of users, unlimited file size, and starts at 25 GB of storage space with the option to add more. For $1.00/GB your add more storage to your subscription. There is also a 30-day free trial and
About G Suite
Since our last update, Google has unveiled G Suite, a package of software designed for work. It features Google’s popular apps designed to connect your company. G Suite includes Gmail, Docs, Sheets, Forms, Slides, Drive, Calendar, and a Mobile Management feature. Access files in Google drive through the smartphone/tablet app or via your web browser.
G Suite Security
Google has received both ISO 27001 certifications and passed SOC2 and SOC3 Type II audits. Google provides two-factor authentication, that makes accessing data more difficult for hackers, and has HIPAA required logging of who has been accessing information. They used SSL and TLS to protect data in transit. Google will sign a Business Associate Agreement for what they consider their core services. You can read more about their HIPAA implementation guide here.
G Suite Setup
Visit their site to get started. From that point, sign into your Google account and follow the steps.
G Suite starts at $5.00/user/month and comes with 30 GB of storage. For $10.00/user/month you receive unlimited storage. For $25.00/user/month, the enterprise tier comes with advanced features such as data loss prevention and Gmail log analysis.
If you use Microsoft Office for most of your day-to-day tasks, then OneDrive is a great way to manage documents and files online or offline. Signing up for OneDrive Business includes the use of OneDrive Online to create, edit, and share documents and can help with productivity.
Data is encrypted both in-transit and at-rest using 256-bit AES encryption and is FIPS 140-2 Compliant. All SSL/TLS connections are established using 2048-bit keys. OneDrive Business is ISO 27001 certified. Microsoft recommends that the Office 365 and Microsoft Dynamics CRM Online service, when used appropriately by all employees, will achieve compliance because personal and business accounts can be synced for convenience.
OneDrive for Business Plan 1 is priced at $5.00/user/month with an annual commitment and includes OneDrive and 1TB of file storage and sharing per user. For $10.00/user/month, Business Plan 2 features unlimited storage, data-loss prevention to monitor and protect sensitive information, and In-Place Holds to preserve deleted documents. For $12.50/user/month, you get Office 365 Premium with access to Microsoft’s suite of Office 365 applications and other services, such as Skype for Business.
ShareFile allows the sharing of large business files by simply entering the recipient’s email address. There is a plug-in available for Microsoft Outlook and desktop. ShareFile offers a full suite of mobile tools that work on most mobile devices, and they allow access control for all.
All files are protected using 256-bit encryption, and stores information in SSAE 16 Type II accredited data centers. ShareFile supports TLS 1.0, 1.1 and 1.2 as well as SSL. Sharefile utilizes an industry standard in authentication called oAuth. With
Install the desktop app or access the service online via the Sharefile Web Portal. Installing the desktop application allows the user to easily upload files to their ShareFile account. For a 30-Day Free Trial go to ShareFile.
Team package, for five users, costs $60.00/month (billed annually) that includes 5 users; each additional user is $8.00 per month. You receive 1 TB of storage with 10 GB Max File Size. Similarly, the business package costs $100.00/month (billed annually). It includes 5 users, and each additional user costs $10.00 per month. The Business package has an enhanced interface with unlimited storage and a 100 GB max file size. This package also comes with encrypted email and features File Drop that allows sharing files with customers or specific employees.
Syncplicity offers a Hybrid Cloud Solution for your IT needs. It contains features like file share replacement, real-time document protection
Syncplicity provides many tools to control and protect the data of your business. You can be sure your data is safe with AES 256-bit encryption in-transit and at-rest. Syncplicity also includes remote wiping of devices, two-factor authentication, and 3-tier network architecture for mobile access.
You can access your files on any device. Access through their mobile apps or on a computer through their web app. If your business uses Microsoft Outlook, Syncplicity offers Microsoft 365 integration.
Syncplicity Business Edition costs $60.00/user/year with 300 GB of storage with 5 more GB per user. The next tier up is the enterprise edition which requires a minimum of 25 users. It comes with features like Hybrid Cloud Storage and Panorama which adds mobile features. You will need to contact Axway for pricing. Each of these plans also come with a 30-day free trial. Click here to learn more about pricing and features.
Click the Table to Enlarge
There are many options for HIPAA compliant file sharing as the cloud becomes more and more popular. Any of these products are great solutions for your file sharing needs.