In a HIPAA- and HITECH-compliant environment, I have to carefully watch where and how data is stored.
Unfortunately, there are many stakeholders and collaborators who want to use Dropbox, which lacks the necessary privacy protections.
What we really need is a Dropbox for the private cloud that enables similar functionality on our HIPAA-compliant enterprise storage.
We're evaluating 4 alternatives:
1) Dropbox Teams - Encrypted enterprise Dropbox
2) Oxygen Cloud - Supports EMC Atmos Cloud Oriented Storage (used at BIDMC for image archiving)
3) Blackboard Learn - Formerly Xythos
4) ShareFile - Recently acquired by Citrix
HIPAA compliant Dropbox-like functionality. That's cool! I'll let you know what we decide.
Friday, November 11, 2011
Cool Technology of the Week
Posted by John Halamka at 3:00 AM
Up early today John!
Check out Egnyte, we have been happy with it.
Dropbox specifically came out and said that Dropbox Teams will not meet HIPAA or PCI compliance requirements, and that organizations that need that sort of compliance should not use their product.
Why not box.net?
John, have you looked at spideroak.com?
There are two other technologies you should consider for such collaboration:
* Microsoft Office 365 - Microsoft has an offering where they'll sign a HIPAA Business Associate Agreement for Office 365. I don't think any of the other offerings will give you that capability.
* Microsoft SkyDrive - While it hasn't gone through a HIPAA security audit, you can do almost everything here that you can do with a Secure Dropbox, but with far more functionality (such as access to Office Web Apps, like Word, Excel and PowerPoint in a browser).
Just a thought - good luck on the evaluations!
What about a Capacity Services/ Capacity on Demand private cloud storage infrastructure on demand option, such as what the U.S. Department of Defense and Military Services are using through the Defense Information Systems Agency (DISA)?
DISA is in its second generation storage as a utility service contract - a time tested and proven effective solution. For reference, the formal name of the contract is "Enterprise Storage Services (ESS)" and it has utility billed storage infrastructure provided by a single supplier, featuring enterprise class storage and mid-tier storage from EMC, NetApp, Hitachi Data Systems, SUN (Oracle, formerly STK), etc.
The SLAs for every user of the infrastructure, no matter the organization or individual, are the same as they are for DISA. 24x7x365 global support. Better than 99.97% availability. Secure to Military-grade standards, and better.
The equipment is hosted on premises, billed monthly on a per GB per day (in use) utility basis, with billing starting when the user-requested capacity is ready for use (just like Dropbox, etc).
Seems like that would be far more secure, available, and in compliance with HIPAA laws.
Is there any reason why Box.Net isn't being considered? Box.Net seems to be a more secure alternative to Dropbox, with the same ease-of-use.
John, very surprised that you aren't evaluating Accellion Secure Collaboration. Great mobile apps too.
FYI - Enterprise Storage Services (ESS) for the DISA is on Contract No. HC1013-07-D-2009 and is provided by ViON Corporation of Washington, DC.
Ref: Storage capacity. On-demand. On-premise.
I would think twice about using Dropbox Teams for your use case.
Some of the suggestions here do not offer HIPAA Business Associate Agreements.
Is/should that be a requirement? They are part of the backup plan...
Looking for a Dropbox alternative as well... HIPAA compliant is a must. John, did you decide on one?