Top 5 HIPAA Compliant File Sharing Services

Companies and practices use file sharing for storing, sharing, controlling and protecting important business files in the cloud. These programs are important to businesses and individuals who need more space to store files, and additional flexibility to access information anywhere.

While these are extremely powerful tools, they can sometimes be problematic. A business is essentially choosing to entrust its important business files and information to a third party, handing over control to another entity. This can lead to problems.

Today, businesses are spoilt for choice when choosing the right HIPAA compliant file sharing services to use. Some of these cloud-based file sharing services are discussed below.


DropBox

DropBox boasts of being one of the most widely used file-sharing services in the market. This means many people have at one point used its services, making it an easy option for businesses.

For a long time, many DropBox users have complained about its failure to comply with HIPAA. The problem was not that DropBox file sharing was insecure, but that DropBox had consistently refused to sign Business Associate Agreements (BAAs).

The new change with DropBox means that the company will sign a BAA when you choose its business package. The company makes the BAA available via the business account admin console.

It also supports two-factor authentication, mobile security, activity reports and access permissions for different users in a given account.

DropBox has employed enterprise-grade security with 256-bit AES encryption to protect files. It also uses TLS / SSL encryption to transmit data between applications and DropBox servers. DropBox Business is also compliant with ISO 27001 and SOC 2.

Business executives can get access to company files via tablets and smartphones through the DropBox app. DropBox Business makes it possible for account admins to set expiration dates for links.

This way, they can limit the length of time certain individuals have access to certain data types. In the case of a stolen or lost device, a feature to wipe all data in the device remotely is available.

DropBox is designed to be compatible with all operating systems and devices and its setup process is user-friendly.

To enjoy HIPAA compliant file sharing services, you have to subscribe to the DropBox Business plan where the company readily signs Business Associate Agreements.

The DropBox Business package costs $15 per month for each user, or $12.50 if payment is made annually. The minimum number of users a business can sign up for on the DropBox Business package is 5.

Google Drive

All Google users get 15GB free storage and they can access all the files they store on Google Drive using any operating system and any device including tablets and smartphones. Google enjoys ISO 27001 certification and has passed both SOC2 and SOC3 audits.

Businesses that use Google Drive can choose to use its two-factor authentication to secure their data, making hacking extremely hard. It also logs access information, including the people who access any given data, in line with HIPAA guidelines.

Google Drive’s file sharing process enjoys Transport Layer Security (TLS) and Secure Sockets Layer (SSL) encryption. Google makes available a signed BAA when a business subscribes to any of its core services.

G Suite (formerly Google Apps for Work) has two main plans, G Suite Basic and G Suite Business. G Suite Basic goes for $5 per user every month while the G Suite Business package is priced at $10 per month for each user.

Neither plan requires businesses to enter into long-term agreements. The $10 plan gives a user unlimited storage while the $5 plan gives a user 30GB of storage.


OneDrive

People who are used to using Microsoft Office and other Microsoft applications often prefer OneDrive to other HIPAA compliant file storage services. With OneDrive, businesses can manage their documents both offline and online.

When a company signs up for Office 365 Business Essentials, it gets access to OneDrive online where its employees can create, edit as well as share documents.

OneDrive encrypts data when in transit and when at rest. This FIPS 140-2 compliant encryption is done using 256-bit AES.

The only way to be HIPAA compliant when using OneDrive is to subscribe to one of the OneDrive business packages, which range from Office 365 Business Essentials at $6 per user, per month to Office 365 Enterprise E5 at $35 per user, per month.

Microsoft also requires businesses to commit to at least a year when they purchase the Office 365 Essentials package.


ShareFile

Perhaps the feature that makes ShareFile a preferred file sharing service for some businesses is the simplicity of sharing files. By simply adding someone’s email address, a ShareFile user is able to share big business files with that person.

For businesses that use Microsoft Outlook, ShareFile provides a plug-in. In addition, ShareFile offers many mobile tools that make it possible for businesses to share files on different mobile devices.

Furthermore, it is possible to control access of data even while using a mobile device like a tablet or a smartphone.

ShareFile uses accredited data centers to store user data. It also encrypts this data using 256-bit AES. To set up ShareFile, a user needs to use the service desktop app or its online client available via ShareFile Web Portal.

The ShareFile desktop app simplifies the process of uploading large business files to the company’s ShareFile account.

Some of the packages that a business can purchase include the Team package at $60 per month and the Business package at $100 per month. Each package includes 5 users.

If a company has more than five users who need to use the HIPAA-compliant file sharing services, ShareFile charges $8 and $10 for any extra user that a business adds to the Team and Business packages respectively.

The ShareFile Business package has unlimited storage and users can send large files of a maximum size of 100GB.


Box

Box allows companies to securely share their large files. They can also view and comment on company documents as well as connect employees across various devices with different operating systems, including Mac OSX, Windows and different mobile platforms.

One feature that makes Box quite attractive to businesses is the high number of integrations that it supports. This helps to keep business information updated across different applications that the company uses.

Some of the supported integrations include Trello, Oracle Marketing Cloud, Adobe, Zendesk, RingCentral, Salesforce, and HootSuite.

Box users have the option of using two-factor authentication. The robustness of Box’s authentication process is also noteworthy. Additionally, file sharing in Box enjoys multi-layered encryption.

Furthermore, Box has incorporated a number of permission levels for anyone wishing to get access to files that few people are authorized to handle.

Box desktop software is available for Mac and PC. Its mobile applications are compatible with iPhone, Blackberry phones, Android tablets, iPad, Windows phones, and Android phones.

For Box, a BAA is available when a business chooses its Enterprise Plan. The price of the Enterprise plan varies depending on the size of a business as well as the intended number of users.

Whether you are using a typical off-the-shelf cloud-based platform like DropBox, or a much more specialised healthcare type of software, it’s important to make sure that all data is very secure and kept private to ensure compliance and security.

Author: CloudSecureTech
