Is Carbonite HIPAA compliant? Carbonite is a software solution provider that offers data backup solutions, disaster recovery services, and endpoint protection. These are all security measures that must be implemented by covered entities and business associates to comply with HIPAA. But, does Carbonite offer a HIPAA compliant service? Find out below. 

What Are HIPAA Required Data Backup and Disaster Recovery Plans?

Carbonite offers both data backup and disaster recovery services, but what does that mean?

HIPAA requires healthcare organizations to implement data backup and disaster recovery plans to ensure that patient data can be accessed in the event of an incident such as a breach or natural disaster.

A HIPAA compliant data backup solution plan, which is part of the administrative safeguard requirement to have a contingency plan, consists of establishing and implementing procedures to create and maintain retrievable, exact copies of electronic protected health information. While a disaster recovery plan is a strategy for disaster event response, which includes deployment of the backups – in other words, putting the backups into action.

What is Endpoint Protection?

Endpoint protection are the security measures that keep your “endpoints” secure. Endpoints are any device that connects to your network (the internet) including laptops, desktop computers, tablets, mobile phones, medical equipment that requires internet access, or other office equipment that connect to the internet.

Let’s Simplify Compliance

Do you need help with HIPAA? Compliancy Group can help!

Learn More!
HIPAA Seal of Compliance

Is Carbonite HIPAA Compliant: Security Features

When determining a software provider’s HIPAA compliance, it is important to look at the security features that their software offers to ensure the privacy and security of data. The security features must address the administrative, technical, and physical safeguard requirements that HIPAA mandates.

Is Carbonite HIPAA Compliant

Carbonite offers the following data security protections for their users.

  • Access Controls. Enables users different levels of access to data based on their job function.
  • Audit Logs. Tracks access to data on a per-user basis, ensuring compliance with the HIPAA minimum necessary standard.
  • Encryption. Masks sensitive data, requiring a decryption key to access the system, preventing unauthorized access to data.
  • Automatic Logoff. Prevents unauthorized access to data by logging out of the system after a period of inactivity.
  • Emergency Access Procedure. Enables users to retrieve exact copies of their data through their cloud-based HIPPA compliant data backup solution. This allows users to be able to access their data in the event of an emergency such as a natural disaster, or breach.