Yes. Privacy and security are top concerns at ReadyNAS Vault (https://www.readynasvault.com/powered-by-elephantdrive/) and we have shaped our solution according to the well-established best practices in the security world. For an overview of the principles and practices applied, please visit our FAQ on security design here: https://support.readynasvault.com/hc/en-us/sections/201907416-Security-Privacy-and-Compliance.
HIPAA and HITECH have put in place specific regulations regarding how Protected Health Information (“PHI”) is to be handled by professionals. In addition to medical professionals, these regulations apply to their partners and subcontractors, requiring them to enter into a Business Associate Agreement (“BAA”).
Our internal reviews meet the compliance standards outlined in HIPAA and 3rd party certification of these hurdles is forthcoming. We have used the publicly available documentation and the work done by our storage partners at Amazon Web Services (AWS) as key guidelines for evaluation. For a review of the recommended techniques for deploying HIPAA compliant applications, please view the AWS whitepaper on HIPAA: https://d1.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf.
We have drafted a BAA, specifically tailored both to the unique requirements of HIPAA and HITECH regulations and to the specifications of ElephantDrive’s (https://www.readynasvault.com/powered-by-elephantdrive/) cloud data services. Our BAA is available upon request by our users on a Business or Enterprise subscription (https://www.readynasvault.com/home/pricing-and-plans/). Just email us at firstname.lastname@example.org.
We hope this information will help you make an informed decision and we hope to have the opportunity to provide you with the compliant cloud storage services you need.
Keep in mind, however, that no system, by itself, can ensure HIPAA compliance. All organizations must adhere to and enforce daily the standards and regulations detailed in HIPAA in order to maintain compliance.