HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with electronic protected health information (ePHI) must ensure that all the required physical, network, and process security measures are in place and followed.
A cloud storage service becomes a business associate if it stores ePHI on behalf of a healthcare organization, and thus the service must be HIPAA-compliant. The law protects not only the privacy of the data but also its integrity and accessibility. HIPAA’s Security Rule, which addresses electronic PHI, includes physical and technical safeguards such as audit controls and access controls, as well as administrative safeguards such as data backups and security incident procedures.
Atera is fully HIPAA compliant as of December 1st, 2016.
Note that if you need a signed BAA, please send a request to email@example.com.