Is Carbonite HIPAA compliant? Carbonite is a software solution provider that offers data backup solutions, disaster recovery services, and endpoint protection. These are all security measures that must be implemented by covered entities and business associates to comply with HIPAA. But does Carbonite offer a HIPAA compliant service? Find out below.
What Are HIPAA Required Data Backup and Disaster Recovery Plans?
Carbonite offers both data backup and disaster recovery services, but what does that mean?
HIPAA requires healthcare organizations to implement data backup and disaster recovery plans to ensure that patient data can be accessed in the event of an incident such as a breach or natural disaster.
A HIPAA compliant data backup plan, which is part of the administrative safeguard requirement to have a contingency plan, consists of establishing and implementing procedures to create and maintain retrievable, exact copies of electronic protected health information. A disaster recovery plan, by contrast, is a strategy for disaster event response, which includes deployment of the backups; in other words, putting the backups into action.
What is Endpoint Protection?
Endpoint protection is the set of security measures that keep your “endpoints” secure. An endpoint is any device that connects to your network (the internet), including laptops, desktop computers, tablets, mobile phones, medical equipment that requires internet access, or other office equipment that connects to the internet.
Is Carbonite HIPAA Compliant: Security Features
When determining a software provider’s HIPAA compliance, it is important to look at the security features that their software offers to ensure the privacy and security of data. The security features must address the administrative, technical, and physical safeguard requirements that HIPAA mandates.
Carbonite offers the following data security protections for their users.
- Access Controls. Gives users different levels of access to data based on their job function.
- Audit Logs. Tracks access to data on a per-user basis, ensuring compliance with the HIPAA minimum necessary standard.
- Encryption. Masks sensitive data, requiring a decryption key to access the system, preventing unauthorized access to data.
- Automatic Logoff. Prevents unauthorized access to data by logging out of the system after a period of inactivity.
- Emergency Access Procedure. Enables users to retrieve exact copies of their data through their cloud-based HIPAA compliant data backup solution. This allows users to access their data in the event of an emergency such as a natural disaster or breach.
Is Carbonite HIPAA Compliant: Requesting Your BAA
As Carbonite has the potential to access protected health information (PHI) over the course of the work they perform for their healthcare clients, Carbonite is considered a business associate under HIPAA.
Business associate agreements (BAAs) are legal contracts between a covered entity and a business associate, or between two business associates. BAAs limit liability for both signing parties, as they require each party to be HIPAA compliant and to agree to maintain their compliance.
To act as a business associate, Carbonite must be willing to enter into a business associate agreement with their healthcare clients. Carbonite states on their website that they will enter into a BAA upon users’ request. They ask users to contact their Sales team at 855-227-2249 or [email protected] to request a BAA.
Is Carbonite HIPAA Compliant?
Is Carbonite HIPAA compliant? Yes, as long as the user has a signed business associate agreement with Carbonite before utilizing their services, and the end user utilizes the software properly.