HIPAA Compliant File Storage for Healthcare

By Jason Wang / Published on January 8, 2014

TrueVault can offer you HIPAA compliant storage for any file format. This is not just a file backup or cloud storage solution. Our BLOB Store was designed from the ground up to integrate with mobile applications, web apps, and wearable devices. File uploads, downloads, updates, and deletes are all accessible via a REST(ful) API.

When TrueVault launched in September of 2013 we released HIPAA compliant storage for JSON Documents. In December 2013 we launched our BLOB Store. This means that you can now store any binary object in TrueVault, including X-Rays, CT Scans, MRIs, PDFs, scanned medical records, images, and videos.

What is HIPAA Compliant File Storage?


HIPAA compliant file storage is the storage and hosting of protected health information (PHI) in the cloud. Protected health information includes things like patient records, laboratory results, and images such as MRIs, CAT scans, X-rays and more.

If your application is going to store, manage, share, or transmit these types of files, it’s important that they are stored and transmitted in a way that meets the security and privacy guidelines outlined by HIPAA.

Physical Safeguards for HIPAA File Storage

Storing medical records and transmitting protected health information (PHI or ePHI) in a HIPAA compliant way means following the physical and technical safeguard requirements of the law.

Physical safeguards include the access and validation measures that control who has access to the hardware where the files are hosted. This includes things like the policies and procedures in place at the hosting facility that regulate who can touch and access the servers where your data is hosted.

Physical safeguards also stipulate the requirements for disaster recovery of HIPAA file sharing, file storage, and redundancy in order to protect the data in the event of a disaster. Finally, the physical safeguards address the HIPAA storage requirements for maintaining, destroying, and reusing the media that holds ePHI. This includes the disposal and destruction of failed hard drives, for instance.

HIPAA compliant hosting providers will typically cover all of the requirements under the physical safeguards section of the HIPAA Security Rule.

Technical Safeguards for HIPAA File Storage

In addition to the physical safeguards, HIPAA compliant file storage must meet the technical safeguard requirements.

Technical safeguards manage the electronic security of protected health information, and deal specifically with things like encryption and decryption, authentication, audit controls, user identification, and integrity controls to ensure data is not modified or accessed without authorization during transmission or storage.

Technical safeguard requirements also call for established procedures for accessing ePHI during an emergency.

TrueVault HIPAA Compliant File Storage

TrueVault is a secure, HIPAA compliant file store for all types of electronic protected health information and medical records. TrueVault’s healthcare API allows application developers and providers to share, store and manage ePHI while meeting all the technical and physical safeguard requirements of the HIPAA security rules.

Only TrueVault gives your application the technical and physical safeguards required by HIPAA. HIPAA hosting environments do not meet the technical requirements of the HIPAA guidelines.

There is no limit to the number of files you can upload. Any binary file can be uploaded, updated, deleted, and downloaded via our REST API. Healthcare applications can now store and exchange medical images, videos, and large files with ease. There are numerous use cases for this kind of HIPAA compliant file storage; the possibilities are endless.

image32 is an early adopter and sees the value in the TrueVault BLOB Store. Millions of X-Rays, CT Scans, MRIs, and other medical imaging studies are created every day. But complicated rules and incompatible software have prevented doctors and patients from easily sharing these images. image32 solves this problem and liberates these medical images. With image32 it is easy to securely share medical imaging studies on any device, anywhere. There are 3.9 million medical images currently hosted on image32, and all of the images that include PHI can be stored in a HIPAA compliant manner using the TrueVault BLOB Store.

Adding video capture or image sharing capabilities to your app is now pretty simple. Instead of building out your own HIPAA compliant video archive, just push the video to TrueVault with a single API call:

curl https://api.truevault.com/v1/vaults/[vault_id]/blobs \
    -u [YOUR_API_KEY]: \
    -X POST \
    --data-binary "@2014-01-06-video.mp4" \
    -H "Content-Type:application/octet-stream"
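A variant of the upload call above that keeps the API key out of the process argument list, where `ps` output and shell history can expose it. This is an added example, not TrueVault's code. The environment variable TRUEVAULT_API_KEY, the function names, and the allowed character sets for the vault id and key are assumptions; the endpoint and header come from the command above.

```shell
#!/bin/sh
# Added example (not TrueVault's code).
# Assumption: the key is supplied in the hypothetical variable TRUEVAULT_API_KEY.

# Print a curl config (read with `curl --config -`) that carries the
# credential, so the key travels over stdin instead of appearing in argv.
blob_upload_config() {
    vault_id=$1
    # Assumed alphabet for vault ids: reject anything that could alter the URL.
    case $vault_id in
        ''|*[!A-Za-z0-9-]*) echo "invalid vault id" >&2; return 2 ;;
    esac
    # Assumed alphabet for keys: reject quotes, backslashes and newlines,
    # which would break out of the quoted config value.
    case ${TRUEVAULT_API_KEY:-} in
        ''|*[!A-Za-z0-9._-]*) echo "TRUEVAULT_API_KEY unset or malformed" >&2; return 2 ;;
    esac
    printf 'url = "https://api.truevault.com/v1/vaults/%s/blobs"\n' "$vault_id"
    printf 'user = "%s:"\n' "$TRUEVAULT_API_KEY"
    printf 'request = "POST"\n'
    printf 'header = "Content-Type: application/octet-stream"\n'
    # Make curl exit non-zero on an HTTP error so a failed upload is not
    # mistaken for a stored file.
    printf 'fail\n'
}

# Upload one file; only the file path appears on the curl command line.
upload_blob() {
    vault_id=$1
    file=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    cfg=$(blob_upload_config "$vault_id") || return
    printf '%s\n' "$cfg" |
        curl --silent --show-error --config - --data-binary "@$file"
}
```

Call it as `upload_blob [vault_id] 2014-01-06-video.mp4` after setting the key in the environment from a secrets store rather than typing it on the command line.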

The full BLOB Store API doc is available here.

Business Associate Agreements


HIPAA defines a Business Associate as anyone who has access to patient information, whether directly, indirectly, physically or virtually. This includes any organization that provides support in the treatment, payment or operations associated with protected health information.

Business associates include:

  • IT providers, health applications
  • Telephone service provider, document management and destruction
  • Accountant, lawyer or other service provider

Business Associates have the responsibility to achieve and maintain HIPAA compliance in terms of all of the internal, administrative, and technical safeguards.

Business Associates must sign a Business Associate Agreement with a covered entity (such as a doctor) or other business associate (such as an application developer) to document the relationship and agree upon the terms as outlined in the requirements in HIPAA.

TrueVault signs a Business Associate Agreement with all users of its platform who have activated their accounts, which is backed by a comprehensive data and privacy insurance policy. You can learn about our BAA and insurance policy here.

Make your app HIPAA compliant today. You can be up and running in minutes, with no credit card and no trial expiration.

Skip the red tape of building HIPAA compliance yourself and head straight to developing amazing new solutions for the healthcare industry with TrueVault.

If you have any questions about HIPAA compliant file storage please email us at blog@truevault.com. We’re here to help.
