HIPAA Compliant File Sharing Service

For Healthcare Providers & Others Who Work With Protected Health Information

HIPAA Compliant File Sharing

What Is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. The basic premise of HIPAA is to:

1. Enable secure sharing, storage and transmission of Protected Health Information (PHI) by authorized persons and entities
2. Control and monitor the degree of disclosure and usage of PHI
3. Improve the effectiveness and efficiency of the US health care system.

Another act that needs to be taken into account is the Health Information Technology for Economic and Clinical Health Act (HITECH).

Who Must Be HIPAA Compliant?

HIPAA applies to Covered Entities and Business Associates.

Covered Entities include:

  • Healthcare providers such as doctors, nurses, psychologists, dentists, chiropractors.
  • Organizations that provide healthcare services such as hospitals, nursing homes, clinics, pharmacies.
  • Health insurance companies.
  • Clearing houses.

Business Associates are persons or entities, not themselves defined as Covered Entities, that provide services to Covered Entities or perform activities that involve PHI.

Requirements For HIPAA Compliance

HIPAA contains a number of rules, 4 of which are addressed in this section as they pertain to the usage of a HIPAA compliant file sharing service.

The Privacy Rule

The Privacy Rule defines what safeguards must be in place to protect the privacy of PHI. It also sets limitations on the disclosure and use of PHI done without patient permission.

There are a number of policies within the Privacy Rule, but the one we would like to highlight is data safeguards, which require securing ePHI with passwords and additional measures to prevent unauthorized access and to control and monitor authorized access.

The Security Rule

The Security Rule has 3 parts, which set out the required specifications concerning administrative, technical, and physical safeguards. Adherence to these 3 parts facilitates the confidentiality, security, and integrity of electronic PHI (ePHI).

Administrative Safeguards

Security Management Process
Identify potential risks to ePHI and put measures in place to reduce the risk to an appropriate and reasonable level.
Periodic Evaluation
Perform a periodic evaluation of the various measures put in place to assess how effective the introduced measures are in attaining compliance with the Security Rule.
Information Access Management
In keeping with the Privacy Rule's requirement to limit the disclosure of ePHI to the absolute necessary minimum, this measure requires the implementation of policies that define when access to ePHI is permitted, who is authorized to access ePHI, and the degree of disclosure of ePHI.

Technical Safeguards

The following are specific requirements that must be met regarding the technology that is used in conjunction with ePHI.
Access Control
Implement measures that permit only authorized people to access ePHI.
Audit Control
Keep a detailed auditable trail of activity in relation to disclosure, access, and use of ePHI.
Integrity Control
ePHI must be protected against unauthorized alteration and destruction.
Verify that a person or entity attempting to access or use ePHI is authorized to do so.

The Enforcement Rule

The Enforcement Rule permits Health and Human Services – Office For Civil Rights to enforce the Privacy and Security Rules, with the authority to investigate, review, and fine Covered Entities and Business Associates.

The Breach Notification Rule

This rule specifies how Covered Entities and Business Associates must respond if there is a data breach. Patients and Health and Human Services (HHS) must be notified within a set number of days of discovering a data breach. When notifying the relevant authorities and persons of a breach, you must state, among the information included and if known, who accessed or used ePHI.

How Filemail Ensures HIPAA Compliant File Sharing

Our enterprise-level managed file transfer solution has a number of features that enable you to be HIPAA compliant.
BAA Ready
We use Business Associate Agreements with all users, organizations, and entities who require this formal standardized agreement with us.
End-to-end data transmission encryption using 256-bit SSL/TLS to safeguard your data. Files you send, store and receive are safe and secure.
US Data Storage
With several servers based in the United States, you can rest assured your data is stored in the region you need, so as to comply with federal and industry regulations.
Access Monitoring

We provide a comprehensive monitoring component that lets you know what files were sent and received, by whom, and what files were accessed, to name just a few details.

2-factor authentication to make sure only permitted personnel can access designated files. Thanks to SAML/SSO, identity management within Filemail is an extension of your overall cybersecurity strategy.

Stringent Security
Custom file expiration dates, password protection of files, authentication requirements on download pages, and anti-virus protection show that we take robust measures to protect your files.
Auditable Trail

Events and actions such as uploading and downloading, by whom, when, IP location, and a host of other details mean you get full auditable trails into what is happening to your data and when.

Real-Time Notifications
We keep you up-to-date and in the loop as to what is happening within your account. You can also use an additional service we offer that provides updates via SMS.

Additional Benefits Of Our HIPAA Compliant File Sharing Service


Cost Effective

Setting up a cloud-based solution that meets the requirements of HIPAA is an expensive, time-consuming process. With a HIPAA compliant file transfer solution, you’ll be able to get up and running with significantly less expenditure.


With a full range of apps available for all major platforms, you can access protected information as and when you need to, be it in the office or otherwise.

What Else Is Included In Your Filemail Account

Custom Subdomain

Brandable Account
Fast Transfer Rates
Upload Form On Your Site
5 TB Storage Per User
Premium Support

What Our Users Think

Mobile App Ratings

iOS App Store
15.4k Rating: 4.57
Google Play Store
7.78k Rating: 4.5


I have used Filemail for several months and find it very easy to use. It solved problems we have here at the bank when we need to send large files. The platform also provides a secure way to send confidential information back and forth between the bank and our customers.
Bruce Fairbank - Labette Bank
Filemail is the easiest and fastest way to send large files. Some of my clients have been so impressed with Filemail when they have received my videos that they have started using it for their own businesses.
Deborah Alvino - CLVS (Coastal Legal Video)
Filemail has solved all the file transfer problems I have had in the past. Fast, reliable, friendly to use. Very happy with the service. We send our shows all over the world, Filemail is a great help.
Jorge Elias Alarcon - Hollywood Channel

7-Day Trial You Can Get Up & Running In Minutes

Protect Your Patients, Reputation, & Business, With A HIPAA Compliant File-Sharing Service