HIPAA Compliant Cloud Storage Apr 2026

A cloud provider is considered a Business Associate (BA) if it handles ePHI, even if it cannot access the encrypted data. To be compliant, the following must be in place:

Systems must use Identity and Access Management (IAM) tools to ensure only authorized personnel can access sensitive data.

The CSP must maintain detailed logs of who accessed or modified data and when.

Many major providers offer HIPAA-compliant tiers, but you must ensure you are using a supported version and have signed their BAA.

PHI must be encrypted both at rest (while stored) and in transit (while being sent).

Business Associate Agreement (BAA): This is a mandatory legal contract. Without a signed BAA, you cannot legally store PHI on a platform, even if the service has high-level encryption.