HIPAA Compliance and eFileCabinet

by | Feb 23, 2018

As a document management and storage service for businesses, eFileCabinet  provide on-site and cloud storage. However, is the service appropriate for the healthcare sector? Does eFileCabinet adhere with HIPAA rules or will using it lead to HIPAA breaches?

Document management services permit bodies to carefully manage electronic documents and store them securely in one place. With large volumes of documents being created, such networks take the stress out of document management and can allow HIPAA covered bodies share documents including ePHI securely and avoid HIPAA breaches.

It is important to remember that there are lots of document management services available currently, but not all comply with  HIPAA.

Security measures include the encryption of data on the move and at rest with 256-bit encryption. Sensitive data can be securely transmitted to with external-parties and remote workers via the company’s SecureDrawer feature. SecureDrawer allows files to be sent without having to send documents beyond the protection of the firewall. The files do not leave the eFileCabinet system and are accessed through a secure, encrypted portal.

eFileCabinet permits user and role-based permissions to be implemented in order to restrict access to sensitive information as well as control what users and user groups can do with documents including ePHI. Security measures can be set with varying levels of user authentication, from easy passwords to voice prints and facial recognition. Users are also automatically logged out after a duration of inactivity.

Automated file retention meets HIPAA integrity control requirements, data backups are completed and an audit trail is recorded with copies kept of user access, what users have done with documents, and whether files have been copied or downloaded.

Privacy and security measures are only one aspect of HIPAA compliance. Even with all appropriate safeguards set up, a document management system is not a ‘HIPAA compliant’ service unless a business associate agreement (BAA) has been completed with the service provider. By completing a BAA, the service provider is confirming they have put in place all appropriate controls to ensure data security and are aware of their duties in relation to HIPAA.  eFileCabinet is willing to complete a BAA with HIPAA covered bodies and their business associates.

However, it is up to the covered body to ensure that all security measures made available through eFileCabinet to support HIPAA compliance are configured properly. Fail to set access controls correctly, for example, and HIPAA Rules would be breached.

eFileCabinet appears to have all the required security, access, and audit controls to ensure it can be used by healthcare groups in a manner that adheres with HIPAA Regulations. eFileCabinet will also complete a business associate agreement with HIPAA covered bodies and their business associates.

As long as a business associate agreement has been completed before the platform is used for storing or sending ePHI, eFileCabinet can be considered a HIPAA compliant document management sservice.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy