Call now for cybersecurity help: 888-646-1616
Josh Ablett

HIPAA Compliant Cloud Storage - The 11 Best Services To Consider (2024)

“What are my options for HIPAA compliant cloud storage? ”

In recent years, cloud storage has risen in both effectiveness and popularity. Its convenience is undeniable– the ability to access your data from anywhere is amazing. But can business associates and medical providers take advantage of these services to store PHI? What exactly does it mean for a cloud storage service to be HIPAA compliant, and which services provide the most secure cloud storage options?

There are a few things that are essential when it comes to finding a HIPAA compliant cloud storage provider. You need to be choosy, since putting your data “in the cloud” makes it hard to achieve HIPAA-compliant levels of security. When PHI is out of your hands and stored off-site (as cloud storage is), you need to be absolutely sure that your data is safe.

So without further ado, here’s a breakdown of some popular cloud vendor services and whether or not they are HIPAA compliant:

Do you want HIPAA compliant cloud storage to share data between employees?

We're starting our list with our favorite HIPAA compliant cloud storage option for small practices: Google Drive. It's easy to use, has tons of features and can be used in a HIPAA compliant environment.

1. Google Drive Cloud Storage

Our favorite service, hands down, is Google Drive, which is part of Google's excellent Google Workspace.  It's one of the easiest services to use and a great value for the price to achieve the most secure cloud storage option.   PCMagazine also loves it, giving Google Drive an excellent rating.

Google will sign a HIPAA Business Associate Agreement (BAA) for Google Workspace clients.  It covers Gmail, Google Drive, Google Calendar, and Google Vault. If you set the file sharing up properly in Google Drive, it's a brilliant choice for HIPAA compliant cloud storage.

2. Microsoft 365 

Microsoft will also sign a BAA for mail, file storage, calendars, and other aspects of Microsoft Online. While they are a bit harder to use than Google Workspace, Microsoft offers some terrific data loss prevention tools that can help to keep you safer.

Microsoft's file sharing service (OneDrive) also got a great rating, 5 stars from PCMagazine.

Do you want HIPAA compliant cloud storage to share data with other companies?

Google Workspace and Microsoft 365 (reviewed above) can definitely share data securely with other companies. You need to be careful, though, about how you set up the file sharing for compliance to make sure you don't accidentally expose your PHI to the internet.

However, you might not need the other features that come with these services. If you already use another service for email, calendaring, and file editing, then you might want to go with a dedicated file sharing service. Here are some good options. 

3. Dropbox

People often ask "Is Dropbox HIPAA compliant?"  You bet it is!  The most popular and arguably the most well-developed of the cloud storage providers, Dropbox is usually the first provider people think when they think “cloud storage.” Fortunately, Dropbox is HIPAA compliant now with their Dropbox Business service. This includes signing a BAA with you to meet all the requirements.


Box meets all of the security and encryption requirements set forth by HIPAA and is willing to sign a Business Associate Agreement. You can find more detailed information on their compliance on their website.

Do you want to back up your data safely to the cloud?

All of the previous services mentioned can be used for safe, HIPAA compliant cloud storage. However, they require some configuration and oversight.

One of the best protections against ransomware attacks is to have a good, up-to-date backup. It's also one of the best ways to protect your business from interruption if your computers are lost, stolen, or damaged.

5. SpiderOak

SpiderOak offers a great "set it and forget it" cloud backup service. You install their program on your computer, and all of your files are safely and automatically backed up to the cloud.

One of the reasons we love them is due to their "zero knowledge" policy. They encrypt every single possible aspect of their service, which means there is no way their staff could access your data without your involvement. And they're happy to sign a HIPAA BAA.

6. Carbonite

Carbonite is another popular backup service. They are willing to sign a HIPAA BAA.

7. Amazon S3 Glacier

Want to save a TON of money and don't mind some technical work? Amazon S3 Glacier is dirt cheap, but requires you to be IT savvy to use it for regular backups. It also covered by the HIPAA BAA that Amazon will sign.

8. Acronis

Acronis used to be on our 'not HIPAA compliant' list, but as of June 2020, they will sign a Business Associate Agreement!

9. CrashPlan

CrashPlan features a default active AES-256 encryption and will sign a BAA.

10. Backblaze

Another former 'not HIPAA compliant' listing was for Backblaze. As of October 2020, they will sign a BAA for their clients.

11. Amazon Web Services

We are huge fans on Amazon Web Services (AWS). Their security is top notch and they're happy to sign a HIPAA Business Associate Agreement. Check out our article: Secure Cloud Computing: 7 Ways I’d Hack You On AWS".

What about the other guys?

We also reviewed a number of other popular cloud storage and backup providers to see if they could be considered HIPAA compliant cloud storage.

Also, popular company SugarSync makes no mention of being willing to sign a HIPAA Business Associate agreement on their site.

We've found this is a great litmus test. You can quickly and easily tell how seriously a cloud storage company takes HIPAA compliance with a simple google search.

Just type: "business associate agreement" into a Google search, like this:


If you get a result like this, then move on to another provider!


What's the best HIPAA compliant cloud storage service?

Because of its reasonable price, robust features, high level of security, and willingness to sign a HIPAA business associate agreement, we use and recommend Google Drive, which is part of Google Workspace.  Google Workspace includes cloud storage, hosted email, and robust online file editors, and is one of the best HIPAA compliant cloud storage services out there. Check out our article about HIPAA compliant Google Drive.

Talk to us!

Have questions or feedback?  Please share them in the comments below.

Like this article?  Share it!

Leave a Reply

Your email address will not be published. Required fields are marked *

7 comments on “HIPAA Compliant Cloud Storage - The 11 Best Services To Consider (2024)”

  1. It is now mid 2016, and things are always changing (e.g., the 47FUDQ7P6FW6N9 coupon for Google is expired). Can you update us?

Do you think we might be a
good match?

We help over 100 of the best financial services, healthcare, and manufacturing companies across the U.S. with their cybersecurity.
Copyright 2024 Adelia Associates, LLC | All Rights Reserved