Paubox blog: HIPAA compliant email made easy

Is IDrive HIPAA compliant?

Written by Liyanda Tembani | August 03, 2023

IDrive is a cloud storage and backup service. Healthcare providers and entities dealing with protected health information (PHI) must adhere to HIPAA guidelines. When considering using IDrive, healthcare organizations must evaluate its HIPAA compliance status.

 

What is IDrive?

IDrive is a cloud storage and backup service that allows users to store and protect their files online. Offering cross-platform support for Windows, Mac, Linux, iOS, and Android devices, IDrive enables users to access their data from various devices. 

 

IDrive's security features

  1. Encryption: IDrive employs 256-bit AES encryption to encrypt files before they leave the user's device, ensuring data remains secure during transmission and storage. 
  2. Private encryption key: For enhanced security, users can create a private encryption key known only to them. This key is used to encrypt files, safeguarding data from unauthorized access, even if someone gains access to the IDrive account. 
  3. Two-factor authentication: IDrive offers two-factor authentication, adding an extra layer of security. Users need to enter a code from their phone, along with their password, during login. This reduces the risk of unauthorized access, as an attacker would require the user's password and physical access to the user's mobile device.
  4. Secure data centers: IDrive states that it hosts data vaults in world-class data centers with robust physical security measures, such as 24/7 security guards, video surveillance, and fire suppression systems. These measures help protect the physical infrastructure where data is stored, minimizing the risk of unauthorized physical access.

 

Is IDrive a business associate?

Under HIPAA, a business associate is a vendor or service provider that handles PHI on behalf of a covered entity, such as healthcare providers or health plans. Whether IDrive qualifies as a business associate depends on the nature of its services and how it handles PHI.

To determine its status as a business associate, IDrive's handling of PHI must be assessed. Healthcare providers who use IDrive to store, back up, or transmit PHI for their operations or on behalf of their patients may consider IDrive a business associate.

 

BAA provisions

A business associate agreement (BAA) is a contract between a covered entity and a business associate, outlining the responsibilities and obligations of both parties regarding PHI protection. Covered entities must ensure their business associates sign a BAA to maintain HIPAA compliance.

 

IDrive and the BAA

To address the requirements of HIPAA, IDrive offers a business associate agreement for its business plans. This BAA outlines the necessary safeguards and security measures that IDrive will adhere to when handling PHI on behalf of healthcare providers.

By signing the BAA, IDrive is committed to complying with HIPAA regulations and ensuring that healthcare providers can trust their services to handle PHI securely.

 

Is IDrive HIPAA compliant?

Based on the information available on their website and the security features in place, IDrive demonstrates a commitment to protecting user data. Additionally, IDrive offers its users the option to sign a BAA.

Conclusion: IDrive is HIPAA compliant.