ShareFile

HIPAA Support

Overview

Important:

For more information on HIPAA and compliance, visit the ShareFile Trust Center.

The Health Insurance Portability and Accountability Act of 1996, or “HIPAA,” is a U.S. federal law that required the creation of national standards to protect patient health information. This includes, for example, obligations around the confidentiality and security of such data.

ShareFile supports these obligations when storing and sharing data, and provides various tools to supplement a customer’s compliance efforts under HIPAA. However, it is the customer’s responsibility to configure and operate its ShareFile environment appropriately. Additionally, ShareFile is not a substitute for a customer’s broader compliance obligations. Customers must have their own adequate HIPAA program, along with appropriate processes and controls to ensure compliance throughout their organization.

Adding ShareFile with HIPAA Support

ShareFile with HIPAA support is available only with a ShareFile Premium, VDR, or Industry Advantage account. Additionally, customers must accept the ShareFile Business Associate Agreement (BAA). In that case, ShareFile operates as a “Business Associate” of the customer, which is generally a “Covered Entity.” For more information on these roles, visit the U.S. Dept. of Health and Human Services.

Accepting the Business Associate Agreement

New accounts

A ShareFile customer’s administrator can enable HIPAA and accept the BAA by following the steps below:

  1. Log in to the ShareFile account. Then go to Settings > Admin Settings > Admin Overview.

  2. From the Admin Overview, select Enable HIPAA. The Warning and Notes page is displayed.

  3. Select the checkbox to enable the BAA option, then click the Enable button to continue.

  4. A success message is displayed in the top-right corner.

Existing accounts

Once a ShareFile account is converted to a Premium, VDR, or Industry Advantage account with HIPAA support, administrators can go to the Admin Settings > Admin Overview page within their ShareFile account. A statement regarding BAA acceptance is highlighted there, and the BAA can be reviewed and accepted directly within the account.

Administrators can access and review their executed ShareFile BAA at any time via the same Admin Overview page.

HIPAA Features

Upon in-product acceptance of the ShareFile BAA, customers can immediately feel confident using ShareFile to process protected health information (PHI) in the HIPAA-supported version of their ShareFile account. In addition to the world-class security measures that come standard in our products, various features are automatically adjusted to help support customers’ enhanced obligations under HIPAA.

Note:

Features marked with an asterisk (*) are not eligible for HIPAA support.

  • *Public or Anonymous Sharing - To prevent customers from inadvertently sharing PHI publicly, this feature is turned off. Administrators may enable this feature.

  • *3rd Party integrations and connectors - To prevent customers from inadvertently transferring PHI to unauthorized environments, this feature is turned off. Administrators may enable this feature.

  • Notifications - In appropriate instances, activity notifications (e.g., view/download/upload) sent via email will not include the file name.

  • *Customer environments such as IT-managed, on-premises, or local device storage (e.g., offline sync in ShareFile for Windows).

  • *Activities triggering unencrypted email messages using Projects, Solutions, Signatures, Request Lists and Custom Workflows.

  • *Plugins such as Outlook, Outlook Online and Google Workspace.

  • *Evaluation features such as beta, tech previews, or other products provided for customer evaluation.
