Looking for a Business Associate Agreement? Download our FREE starter template.
Total HIPAA Logo

Most Popular HIPAA Compliant File Sharing Apps

HIPAA compliant file sharing apps are necessary if your company is dealing with personal health data.

File sharing is a critical tool used by businesses and healthcare providers to easily share, control, and protect important files stored in the cloud. These applications are indispensable to businesses and individuals that require more space to store their files and the desire of adding flexibility to access information anywhere.

These are incredibly powerful tools, but at the same time, they can be challenging. You are trusting a third party with important files and anytime information is out of your control, it can be hacked, corrupted or lost.

There are many options for you and your business when you’re looking for programs to use. We will provide you with a basic overview of each product, its security measures, the setup, and the pricing.  This information will help you decide which application will work best for you and your business.

This list does not review all the products available. There are other options in the marketplace. In this blog post, we have selected some of the most popular ones. Most importantly, all the products reviewed are HIPAA compliant file sharing applications. You may scroll down to the table provided and read highlights of the review.

HIPAA compliant file sharing apps that we reviewed are following:

  1. Accellion
  2. Box
  3. Dropbox
  4. Egnyte
  5. FTP Today
  6. G Suite
  7. OneDrive
  8. ShareFile
  9. Syncplicity

Accellion – HIPAA compliant file sharing service

Accellion offers Kiteworks, a HIPAA compliant file sharing service aimed at solving the problem of how to transfer files securely and simply when it’s just too big for an email attachment. If collaboration is your need, Kiteworks has shared folders that follow HIPAA compliance internally and externally. Accellion also has built-in messaging and commenting services that enable quick communication between business professionals.

Accellion Security

Kiteworks has received FIPS 140-2 Level 1 Validation and is compliant with ISO27001 certification.  AES 256-bit encryption is used in both at-rest and in-transit data transfer. Kiteworks includes many handy features such as being able to see when your file is downloaded, a full activity log available to the sender and administrators, view only mode, watermarking, and Data Leak Investigator integration to help protect your sensitive content. Read their security overview here.

Accellion Set-Up

Kiteworks can be accessed in many convenient ways, such as their Microsoft Outlook plugin or desktop Windows Explorer or Finder applications. Native iOS and Android apps, and Microsoft 365 integration bring compatibility for your business no matter your device situation. You will need to contact them for a Business Associate Agreement (BAA).

Accellion Pricing

Accellion starts at $15 per month per user. For enterprise features such as private cloud or 100% on-premise storage, there is custom pricing depending on the desired configuration. Learn more about pricing here.

Box File Sharing Review

Box – HIPAA compliant file sharing service

Box allows businesses to securely share large files, view and comment on documents, and connect coworkers with each other across devices with operating systems running on Windows, Mac OS X and many mobile platforms. The Enterprise plan is the only tier that Box will agree to sign a BAA. One of Box’s strengths is the number of integrations that they have. This is great for keeping all your information up-to-date across all the programs you use. Whether you need to connect to Salesforce for more efficient customer relations, store your messages from RingCentral, or integrate DocuSign for complete electronic transactions’ your Box account can do the job. The list of integrationsof this HIPAA compliant file sharing service also includes Adobe, Trello, Zendesk, HootSuite, Oracle Marketing Cloud, and several other applications.

Box Security

Box uses encryption in-transfer with Transport Layer Security (TLS) and multi-layered encryption at-rest with AES 256-bit. They support other encryption cipher suites such as RC4 and they use strong password authentication and allow you to turn on two-factor authentication. They also have multiple levels of permission for accessing files in order to be sure only authorized people to have access to certain files. Box is in accordance with SSAE 16 Type II, ISO 27001, and ISO 27018 standards, and has updated third-party SOC1 and SOC2 certifications. You can learn more about their HIPAA securities here.

Box Setup

A 14-day free trial is available for the business option. Once you finish the signup process, the Box desktop application is available to download for both Mac and PC. Their mobile applications support iPhones, iPads, Android phones, Android tablets, Windows phones, and Blackberry.

Box Pricing

Box only signs BAAs with companies that choose the Enterprise plan. You will need to request a quote in order to purchase this level of service. Prices will vary depending on the size of your company and number of users. Enterprise includes a 5 GB file upload limit and unlimited storage space.

Dropbox File Sharing Review

Dropbox -HIPAA compliant file sharing service

Dropbox is one of the most popular file-sharing programs in the market. One of the strengths of this program is many of your employees will be familiar with this program. Until 2015, Dropbox was not a HIPAA compliant solution, not because their security standards were not strong enough, but because they refused to provide a BAA. Now, if you select Dropbox Business, they will sign a Business Associate Agreement, which means this could be a great HIPAA compliant file sharing solution for your company.

Additionally, Dropbox provides a BAA electronically via the Account page in the Admin Console. The Admins console also provides these features: activation of two-factor authentication, activity reports, ability to disable permanent deletion, monitoring of access and activity across the platform, user account permissions, and mobile security. Dropbox Business features a Standard and Advanced version. Dropbox Business Advanced has a number of advanced settings for file tracking, admin roles, and device approvals among other features. Visit their website to review which version might best fit your organization’s needs.

Dropbox Security

Dropbox has enterprise-grade security protection on files with 256-bit AES for files at-rest. TLS and Secure Sockets Layer (SSL) encryption are used for data transfers between Dropbox Applications and their servers to assure a protected channel with 128-bit or higher AES encryption. Dropbox Business has been audited and received SOC 2 and ISO 27001 compliance.

Dropbox allows access to your files on any smartphone or tablet through their application, and the standard business plan features 2 TB of space. They let you create passwords and expirations for links in order to determine who can access a shared link and for what amount of time. There is also a remote wipe feature in case of a lost or stolen device.

Dropbox Setup

The setup for Dropbox is a user-friendly online site and application that works on all computer platforms. Dropbox is HIPAA compliant only when you purchase Dropbox Business. To install Dropbox, go to this link.

Dropbox Pricing

Business Standard pricing is $15.00/user/month or $12.50/user/month if paid annually.

Business Advanced is $25.00/user/month or $20.00/user/month if paid annually.

Neither versions have a limit to file sizes, but Standard has a 2 TB storage limit and Advanced is unlimited. The subscription requires a minimum purchase of 3 user licenses, but this doesn’t mean you can’t have less than 3. Organizations can save or reuse licenses. This option offers as much space as needed for storage as well as a 30-day free trial before purchasing.

Egnyte – HIPAA compliant file sharing service

Egnyte offers Egnyte Connect, an HIPAA compliant file sharing service that has some attractive features in their business tier including smart reporting and auditing so you can have complete confidence in your data using system-wide analytics.

Egnyte Security

With Egnyte, you can expect multi-factor authentication, auditing capabilities, and SSAE 16 certified data centers to secure your information. Locally stored files, at-rest data, and in-transit data are all protected with AES 256-bit encryption. This service is ISO/IEC 27001:2013 certified to secure your data.

Egnyte Set-Up

Egnyte Connect’s platform is accessible from desktop, mobile, and in-browser. They will enter into a Business Associate Agreement when you sign up for the service. Because this service is per employee, you will need to purchase and set up licenses for each of your employees.

Egnyte Pricing

Egnyte offers this service on a per employee basis. A business tier is a good option for most businesses at $15.00/user/month with access to features like audits or multi-factor authentication and more. The business tier allows up to 10 TB of storage with a maximum file size of 10GB. It is important to note that you will need the enterprise tier if you have more than 100 employees. A 15-day free trial is available for the business plan, while you will need to call 1-877-734-6983 for pricing of the more advanced level.

FTP Today –HIPAA compliant file sharing service

FTP Today prides themselves on the fact that their service is built around regulatory compliance and strong security. You can choose between FTP, HTTPS, FTPS, FTPeS, SFTP, or SCP protocols to support your network, thus allowing compatibility with desktop, mobile, legacy servers, and mainframes. Also, FTP Today offers four separate packages to choose from, but the Compliant Enterprise package is the only HIPAA compliant service they offer.

FTP Today Security

Files are protected with very strong 2048-bit encryption in-transit, and can be configured to be encrypted with AES 128-bit encryption at-rest (only with the purchase of the Compliant Enterprise Package). FTP Today ensures security under SOC 1 and SOC 2 Type II audits as well as ISAE 3402 and AT-101 audit standards. Their data centers are also certified ISO/IEC 27001:2013, to protect and ensure your organization’s data.

FTP Today Set-Up

This HIPAA compliant file sharing service has many methods for access ranging from an in-browser web app to standalone software. Depending on your use case, being able to manage files without having to install software could be a very useful feature. FTP Today provides a BAA available for download on their website.

FTP Today Pricing

They offer several subscription packages based on your business needs. However, to get access to important features such as at-rest encryption or FIPS 140-2 Cipher Enforcement, your organization will want to go with the Compliant Enterprise tier or above which is $250.00 per month, or $225.00 per month if paid annually. This higher tier will come with unlimited users, so it may not be much more expensive than some other options.

With the Compliant Enterprise package, your organization will receive an unlimited amount of users, unlimited file size, and starts at 25 GB of storage space with the option to add more. For $1.00/GB your add more storage to your subscription. There is also a 30-day free trial and a 30-day money back guarantee with this service.

G Suite File Sharing Review

G Suite -HIPAA Compliant File Sharing Service

Since our last update, Google has unveiled G Suite, a package of software designed for work. It features Google’s popular apps designed to connect your company. G Suite includes Gmail, Docs, Sheets, Forms, Slides, Drive, Calendar, and a Mobile Management feature. Access files in Google drive through the smartphone/tablet app or via your web browser.

G Suite Security

Google has received both ISO 27001 certifications and passed SOC2 and SOC3 Type II audits. Google provides two-factor authentication, that makes accessing data more difficult for hackers, and has HIPAA required logging of who has been accessing information. They used SSL and TLS to protect data in transit. Google will sign a Business Associate Agreement for what they consider their core services.  You can read more about their HIPAA implementation guide here. As long as the files are maintained on your domain, and you have a BAA with Google, the documents stored there are encrypted and are HIPAA compliant. Part of proper HIPAA configuration is you are required to turn off link sharing as part of your HIPAA compliance setup. However, you are able to share access to that drive, which is different than a link. A link allows anyone to see that file, you can still restrict access, but it’s less secure than directly sharing that folder with a user. At this point, you can also restrict items like downloading, commenting, and editing of the documents.

G Suite Setup

Visit their site to get started. From that point, sign into your Google account and follow the steps.

G Suite Pricing

G Suite starts at $5.00/user/month and comes with 30 GB of storage. For $10.00/user/month you receive unlimited storage. For $25.00/user/month, the enterprise tier comes with advanced features such as data loss prevention and Gmail log analysis.

OneDrive File Sharing Review

OneDrive -HIPAA Compliant File Sharing Service

If you use Microsoft Office for most of your day-to-day tasks, then OneDrive is a great way to manage documents and files online or offline. Signing up for OneDrive Business includes the use of OneDrive Online to create, edit, and share documents and can help with productivity.

OneDrive Security

Data is encrypted both in-transit and at-rest using 256-bit AES encryption and is FIPS 140-2 Compliant. All SSL/TLS connections are established using 2048-bit keys. OneDrive Business is ISO 27001 certified. Microsoft recommends that the Office 365 and Microsoft Dynamics CRM Online service, when used appropriately by all employees, will achieve compliance because personal and business accounts can be synced for convenience.

OneDrive Setup

In order to be HIPAA compliant, you have to use OneDrive for Business. Office 365 Business Essentials will need to be purchased to in order to receive a signed BAA via the Admin Portal. In the portal under “business options” there is a BAA that will be signed electronically.

For more information on BAAs and to see the OneDrive HIPAA Compliance Guide. Install OneDrive through the website. The user will need to register if they do not have an existing account with Office 365 Online.

OneDrive Pricing

OneDrive for Business Plan 1 is priced at $5.00/user/month with an annual commitment and includes OneDrive and 1TB of file storage and sharing per user. For $10.00/user/month, Business Plan 2 features unlimited storage, data-loss prevention to monitor and protect sensitive information, and In-Place Holds to preserve deleted documents. For $12.50/user/month, you get Office 365 Premium with access to Microsoft’s suite of Office 365 applications and other services, such as Skype for Business.

ShareFile File Sharing Review

Sharefile -HIPAA Compliant File Sharing Service

ShareFile allows the sharing of large business files by simply entering the recipient’s email address.  There is a plug-in available for Microsoft Outlook and desktop. ShareFile offers a full suite of mobile tools that work on most mobile devices, and they allow access control for all.

Sharefile Security

All files are protected using 256-bit encryption, and stores information in SSAE 16 Type II accredited data centers. ShareFile supports TLS 1.0, 1.1 and 1.2 as well as SSL. Sharefile utilizes an industry standard in authentication called oAuth. With oAuth, administrators can set tokens with time limits on when the data can be accessed.

Sharefile Set-Up

Install the desktop app or access the service online via the Sharefile Web Portal. Installing the desktop application allows the user to easily upload files to their ShareFile account. For a 30-Day Free Trial go to ShareFile.

Sharefile Pricing

Team package, for five users, costs $60.00/month (billed annually) that includes 5 users; each additional user is $8.00 per month. You receive 1 TB of storage with 10 GB Max File Size. Similarly, the business package costs $100.00/month (billed annually). It includes 5 users, and each additional user costs $10.00 per month.

The Business package has an enhanced interface with unlimited storage and a 100 GB max file size. This package also comes with encrypted email and features File Drop that allows sharing files with customers or specific employees.


Syncplicity – HIPAA Compliant File Sharing Service

Syncplicity offers a Hybrid Cloud Solution for your IT needs. It contains features like file share replacement, real-time document protection and backup, and secure mobile collaboration. They offer useful features such as external sharing restrictions, geo-fencing files, and audit reports by user, device, folder, file and admin actions.

Syncplicity Security

This HIPAA compliant file sharing service provides many tools to control and protect the data of your business. You can be sure your data is safe with AES 256-bit encryption in-transit and at-rest. Syncplicity also includes remote wiping of devices, two-factor authentication, and 3-tier network architecture for mobile access.

Syncplicity Set-Up

You can access your files on any device. Access through their mobile apps or on a computer through their web app. If your business uses Microsoft Outlook, Syncplicity offers Microsoft 365 integration.

Syncplicity Pricing

Syncplicity Business Edition costs $60.00/user/year with 300 GB of storage with 5 more GB per user. The next tier up is the enterprise edition which requires a minimum of 25 users. It comes with features like Hybrid Cloud Storage and Panorama which adds mobile features. You will need to contact Axway for pricing. Each of these plans also come with a 30-day free trial. Click here to learn more about pricing and features.

Click the Table to Enlarge


There are many options for HIPAA compliant file sharing as the cloud becomes more and more popular. Any of these products are great solutions for your file sharing needs.

Our HIPAA compliance services help ensure that your business follows the basic HIPAA rules and guidelines to protect sensitive patient information. Our team of experts is dedicated to providing affordable rates and personalized solutions to help you become HIPAA compliant. We understand that navigating the complex requirements of HIPAA can be challenging, which is why we offer a comprehensive range of services to meet your unique needs. From risk assessments to employee training, we have the tools and expertise necessary to help your business achieve and maintain HIPAA compliance. Contact us today to learn more about how we can help you protect your patients, your employees, and your business.

Sharing is caring!


Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Let's keep in touch

Stay up to date on the latest HIPAA news, plus receive tons of free tools and info.

Navigating HIPAA Compliance in 2023

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!


Related Posts

What is Access Control in terms of HIPAA?

What is Access Control in terms of HIPAA?

Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization's network or information...

Comparing HIPAA and NIST

Comparing HIPAA and NIST

In the ever-evolving landscape of data security and privacy, two key frameworks have emerged as significant players: HIPAA and NIST. Both emphasize the importance of safeguarding sensitive...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)