Secondary Logo

Journal Logo

DocAPProvED: HIPAA-Compliant Storage on the Cloud

Mohseni, Alex MD

doi: 10.1097/01.EEM.0000469327.38002.04

Dr. Mohseniis an emergency physician in the Washington, D.C., metropolitan area and the chief innovation officer of Emergency Medicine Associates. He is the editor of his own blog, Follow him @amohseni, and read his past columns at





As health care grows more advanced, you will likely need a secure and HIPAA-complaint way to store and share medical data. One of my colleagues, in fact, recently asked me to find an easy-to-use but HIPAA-compliant mechanism to store ultrasound images for quality control and billing. You may also need such a tool for cloud-based backup of scanned patient charts, a repository for charts that you use for documentation feedback for providers, or a secure method to store research data.

Given the high cost (and frequency) of HIPAA breaches, it's smart to use the right tool for the job. Often, your hospital's solution for data storage may be convoluted and not user-friendly. Thankfully, great cloud-based solutions do exist for this issue.

The solution that is easiest to use and presumed to fit most emergency physicians' needs is Box. ( Box will be familiar to you if you have ever used Dropbox or Google Drive. It is cloud-based data storage with more advanced security measures, as well as the ability to sign a business associate agreement (BAA) with covered entities. Acquiring a BAA is essential, as any HIPAA compliance officer will tell you.

To obtain a signed BAA so you can use Box for HIPAA-compliant data storage, you will need to sign up for an Enterprise account, which starts at approximately $105 per month. That is a great deal considering the much more expensive alternatives and the great features you receive, including data encryption, authorization tools, and audit trails of account activities.

Copyright © 2015 Wolters Kluwer Health, Inc. All rights reserved.