Lately we've been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Citrix Sharefile is a secure, cloud-based platform for businesses to store and share large files. We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Google Drive
- Google Forms
- Google Hangouts
- Microsoft 365
The purpose of this post is to determine if ShareFile offers HIPAA compliance or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
ShareFile is a secure content collaboration, file sharing and sync solution that supports the workflow needs of small and large businesses. It was started by Jesse Lipson in 2005 in Raleigh, North Carolina. In October 2011, ShareFile was acquired by Citrix Systems.
Citrix ShareFile and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. HIPAA compliance requires this by law. We checked the ShareFile site and found Citrix ShareFile Cloud for Healthcare. On that resource page, Citrix ShareFile states: "In response to the new rules and to further reduce the risk associated with a breach of PHI, ShareFile has updated its network and security architecture to provide enhanced security for customers who need to protect PHI. Now, ShareFile will place the PHI of all customers who provide us with a signed Business Associate Agreement (BAA) in this special secure enclave dedicated only for PHI."
Does Citrix ShareFile Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate. Since Citrix offers one for use with ShareFile, we conclude it can be a HIPAA compliant service.
Conclusion: ShareFile is covered within the Citrix Business Associate Agreement. Make sure you sign a BAA with Citrix before using ShareFile to store or transmit any PHI.