
Health Insurance Portability and Accountability Act (HIPAA)

Files.com supports many customers who are subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a U.S. law that governs the privacy and security of protected health information (PHI).

We understand the specific technical and contractual requirements imposed by HIPAA and have designed our platform to be compatible with HIPAA-regulated environments, when configured appropriately.

What Is HIPAA?

HIPAA establishes a framework for protecting PHI: individually identifiable health information, such as medical records and billing information, that relates to a patient's care or to payment for that care.

HIPAA applies to:

  • Covered Entities, such as healthcare providers, health plans, and clearinghouses
  • Business Associates, which are vendors that handle PHI on behalf of Covered Entities

Organizations that fall into either category must ensure the confidentiality, integrity, and availability of PHI, both at rest and in transit, and must implement administrative, physical, and technical safeguards to do so.

Files.com as a Business Associate

When Files.com is used to store or transmit PHI on behalf of a Covered Entity, we act as a Business Associate under HIPAA.

To support HIPAA-aligned usage, Files.com offers a pre-written and pre-approved Business Associate Agreement (BAA) that we will execute with any customer on a Premier or Enterprise plan.

HIPAA support, including the execution of a BAA, is not available on the Starter or Power plans.

The BAA defines the roles and responsibilities of both Files.com and the customer in managing PHI securely and in compliance with HIPAA regulations.

Security Configuration Requirements

The HIPAA BAA provided by Files.com requires customers to configure their Files.com site according to our Configuring Files.com for Maximum Security documentation. This document outlines best practices and required settings for:

  • Two-Factor Authentication (2FA)
  • Role-based access controls and least-privilege permissions
  • IP allowlisting
  • Session timeout and expiration settings
  • Encryption in transit and at rest
  • Logging and audit trail configuration
  • Remote Server Mounting for compliant storage backends (if needed)

These configuration steps are critical to ensuring that PHI is protected in accordance with HIPAA’s Security Rule.
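The settings listed above are the kind of thing that drifts silently after a site is first hardened, so it is worth checking them continuously rather than once at BAA signing. The script below is an added example (not code from Files.com or from this page) that evaluates a site-settings document against a baseline covering 2FA, session expiry, IP allowlisting, and transport encryption. The field names (`require_2fa`, `session_expiry`, `allowed_ips`, `ssl_required`, `tls_disabled`), the endpoint `https://app.files.com/api/rest/v1/site.json`, and the `X-FilesAPI-Key` header are assumptions about the Files.com REST API that you should verify against the current API documentation; the eight-hour session threshold is illustrative, not a Files.com or HIPAA requirement. Without an API key in the environment it runs against a constructed sample, so it can be tried offline.

```python
"""Baseline drift check for HIPAA-relevant Files.com site settings.

Added example, not Files.com's own code. Field names, endpoint, and header are
ASSUMED from the Files.com REST API "site" resource and must be verified;
thresholds are illustrative.
"""
import json
import os
import urllib.request

SITE_URL = "https://app.files.com/api/rest/v1/site.json"  # assumed endpoint


def _ip_allowlist_set(value):
    # Assumed: allowed_ips is a newline-separated string; None or "" means
    # the site accepts logins from any address.
    return bool(value and str(value).strip())


# (field, predicate, HIPAA safeguard the field maps to, expectation text)
CHECKS = [
    ("require_2fa", lambda v: v is True,
     "Access control (2FA)", "require_2fa must be true"),
    ("session_expiry", lambda v: isinstance(v, (int, float)) and 0 < v <= 8,
     "Automatic logoff", "session_expiry must be 0 < hours <= 8 (illustrative)"),
    ("allowed_ips", _ip_allowlist_set,
     "Access control (IP allowlist)", "allowed_ips must not be empty"),
    ("ssl_required", lambda v: v is True,
     "Transmission security", "ssl_required must be true"),
    ("tls_disabled", lambda v: v is not True,
     "Transmission security", "tls_disabled must be false"),
]


def evaluate(settings):
    """Return a list of (field, safeguard, detail) findings; [] means the
    baseline is met. A missing field is a finding, not a pass: an absent key
    usually means the API changed or the caller sent the wrong document."""
    findings = []
    for field, ok, safeguard, expectation in CHECKS:
        if field not in settings:
            findings.append((field, safeguard,
                             f"field missing from settings; {expectation}"))
        elif not ok(settings[field]):
            findings.append((field, safeguard,
                             f"{expectation}; got {settings[field]!r}"))
    return findings


def fetch_site_settings(api_key):
    """Fetch the live site document (assumed endpoint and auth header)."""
    req = urllib.request.Request(SITE_URL, headers={"X-FilesAPI-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed samples (not real sites): one that has not been hardened and one
# that meets the baseline above.
SAMPLE_WEAK = {
    "require_2fa": False,
    "session_expiry": 24,
    "allowed_ips": "",
    "ssl_required": True,
    "tls_disabled": True,
}
SAMPLE_HARDENED = {
    "require_2fa": True,
    "session_expiry": 2.0,
    "allowed_ips": "10.0.0.0/8\n203.0.113.0/24",
    "ssl_required": True,
    "tls_disabled": False,
}


def main():
    api_key = os.environ.get("FILES_API_KEY")
    settings = fetch_site_settings(api_key) if api_key else SAMPLE_WEAK
    findings = evaluate(settings)
    for field, safeguard, detail in findings:
        print(f"FAIL [{safeguard}] {field}: {detail}")
    print("baseline met" if not findings else f"{len(findings)} finding(s)")
    raise SystemExit(1 if findings else 0)


if __name__ == "__main__":
    main()
```

Run it from a scheduled job with `FILES_API_KEY` set to a read-only key and treat a non-zero exit as an alert; the mapping from field to safeguard is what makes the output useful to the compliance team rather than only to the administrator who changed the setting.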

Requesting a BAA

Customers on a Premier or Enterprise plan who wish to sign a BAA with Files.com should contact their Account Executive or our customer support team.

Please note that:

  • BAAs are not offered on the Starter or Power plans
  • Customers must configure their site according to our security configuration guidelines before using it to store or transmit PHI

Final Note: Shared Responsibility

As with all compliance frameworks, HIPAA compliance using Files.com is a shared responsibility.

We provide the infrastructure, tools, and documentation. You are responsible for how Files.com is configured, and for ensuring that your team handles PHI in accordance with HIPAA requirements.

We strongly recommend working with your compliance, security, or legal team to validate that your implementation of Files.com satisfies all relevant HIPAA obligations.

If you need help configuring your Files.com site for HIPAA compliance, reach out to our support team. We're here to help.
