No, there are no additional costs beyond Storj Select fees for the robust security features in Storj’s HIPAA compliant cloud storage solutions. Unlike other cloud service providers, Storj does not require separate products or fees for HIPAA compliant security. Storj’s secure cloud storage is designed with advanced security measures out-of-the-box, including encryption, distributed storage, and data access management, ensuring healthcare providers and data storage providers alike meet HIPAA rules without hidden costs.
Yes, Storj will sign a Business Associate Agreement (BAA) for customers storing electronic protected health information (ePHI). The BAA outlines how Storj helps safeguard ePHI and ensures compliance with HIPAA standards and the HITECH Act. This agreement underscores Storj’s shared responsibility approach to helping healthcare providers maintain compliance with the Privacy Rule, Security Rule, and Breach Notification Rule.
Yes, Storj supports customers who need to comply with HITECH regulations in addition to HIPAA standards. HITECH, which supplements HIPAA rules, focuses on improving the digital security and privacy of healthcare information. Storj provides a secure cloud storage foundation that aligns with these regulations, protecting the confidentiality of sensitive health data while ensuring its availability for authorized use.
Storj’s approach to data access management separates encryption and authorization, creating a zero-trust layer between customer data and the storage infrastructure. This separation ensures that authentication controls are robust and that encryption keys remain protected at all times. Storj further enhances security by implementing data encryption at rest and in transit, adhering to industry-leading practices for secure cloud computing.
Storj’s distributed network model addresses HIPAA compliance by securely storing ePHI across a global network of storage nodes. All objects are divided into segments, which are encrypted and erasure-encoded. These encrypted segments are then dispersed across the network, ensuring data availability and durability even if individual nodes are compromised or experience hardware failures.
This innovative approach ensures that sensitive healthcare data remains secure and accessible, adhering to HIPAA standards for data storage and breach prevention. Additionally, this architecture provides flexibility, as customers can store data in SOC2 certified facilities, restrict storage to specific regions, or even operate nodes within their own infrastructure.
Metadata is encrypted using AES256-GCM authenticated encryption by default and stored in SOC2 Type 2 compliant data centers. This ensures that even metadata, including object path or user-supplied details, remains secure. Storj employs a distributed database to store metadata, designed for high availability and strong concurrency, enabling optimal performance while supporting the requirements of HIPAA compliance.
Storj offers two secure models for data transfer via its cloud services, a client software approach named Uplink and a hosted HTTP endpoint model called Edge Services.
• Edge Services: Includes a hosted S3-compatible Gateway and the Auth Service, operated in SOC2-certified facilities. All transfers to and from Edge Services utilize HTTPS with TLS 1.2+ encryption, maintaining confidentiality and data integrity during transit.
• (Optional) Uplink Client: Features end-to-end encryption, where all data is encrypted on the client side before it leaves the client. This data remains encrypted during transfer and storage, ensuring robust protection against vulnerabilities.
These secure data transfer methods align with HIPAA rules and give healthcare providers and other users confidence in the security of their sensitive information.
Yes, Storj is committed to maintaining robust security measures through regular security assessments. These assessments help identify potential vulnerabilities while ensuring compliance with HIPAA’s Security Rule. Storj also continuously refines its practices to meet evolving requirements and standards for secure cloud storage, providing peace of mind for healthcare providers and other organizations storing ePHI.
Storj’s advanced architecture minimizes the risk of data breaches by encrypting data and distributing it across an independent storage network. However, in the unlikely event of a breach, Storj ensures customers can fulfill their Breach Notification Rule obligations by providing transparent processes and documentation. This capability supports HIPAA compliant data recovery procedures and compliance with the HHS reporting requirements.
Yes, healthcare providers using Storj’s HIPAA compliant cloud storage have full control over their data’s storage locations. Customers can restrict data to specific geographic regions, SOC2 Type 2 certified facilities, or a private infrastructure under their control. This flexibility allows organizations to meet regional compliance requirements while maintaining the availability and integrity of stored data.
Storj’s use of Reed-Solomon erasure encoding ensures data remains highly redundant and recoverable. Even with hardware failures or the loss of a storage node, the distributed nature of Storj’s secure cloud storage guarantees data availability. This resilience aligns with HIPAA standards for ensuring data integrity and availability, making Storj an ideal partner for HIPAA compliant cloud backup solutions.
Storj’s design reflects the requirements of HIPAA’s Security Rule, incorporating encryption, zero-trust access control, and multi-factor authentication to restrict unauthorized data access. By safeguarding data in motion and at rest with AES 256 and TLS 1.2+ encryption, adhering to rigorous network design principles, and employing SOC2 compliant operations, Storj delivers a reliable, secure storage service tailored to the needs of the healthcare sector.
Storj sets itself apart through its cutting-edge use of distributed cloud computing and zero-trust principles. By implementing highly advanced encryption, enabling customizable storage options, and minimizing vulnerabilities, Storj provides healthcare providers with innovative solutions for secure ePHI management. Paired with support for HIPAA rules, HITECH regulations, and a transparent shared responsibility approach, Storj is the modern choice for ensuring compliance and safeguarding healthcare data.