HIPPA Compliance

Overview

FileFlex Enterprise is the ideal EFSS file sharing and collaboration tool for HIPAA Covered Entities and HIPAA Business Associates. That is because the FileFlex server is hosted either by the HIPAA Covered Entity itself or by the HIPAA Business Associate that provides FileFlex to the HIPAA Covered Entity. No Protected Health Information (PHI) or Personally Identifiable Information (PII) is ever stored or transferred to Qnext or third-parties.

Security of data-at-rest and data-in-motion

The data-at-rest is stored on the HIPAA entity or associate’s already HIPAA compliant and secured storage infrastructure and data-in-motion is encrypted and transferred through servers hosted by the HIPAA covered entity or the HIPAA business associate.

Downloading can be prohibited

When used according to HIPAA compliance policies, files can be shared in view-only mode and downloading to local devices prohibited.

Compliant file collaboration with no local copies

File collaboration is from the HIPAA entity or associate’s source location and no copies are stored on remote devices or third party servers.

Restrict sharing and collaboration to HIPAA entity or associate contacts

Sharing and collaboration can be limited to HIPAA covered entity or business associate contacts.

CISO level third party tested

FileFlex Enterprise has been evaluated by an independent, third party CISO level information security firm who has reviewed the information security supporting capabilities introduced through the use FileFlex Enterprise as well as the performance of a Threat Risk Assessment (TRA) on the product to meet HIPAA requirements in regards to data privacy and security. The FileFlex application, and the underlying infrastructure has been subject to and passed a red-team, penetration testing assessment that used a black-box methodology. The security testing brief can be downloaded here and full test results and testing certificate can be obtained by contacting a Qnext representative.