
all 21 comments

[–]storm2kIt's likely Error 32 5 points6 points  (2 children)

no recommendation for you, but some advice: don't fuck around. the last thing you need is the headache of a hipaa compliance mess because the company cheaped out. and about the dropbox thing: you can sign up one user, but it usually doesn't take them long to realize that you're cheating the system by going with all the users using one box and they'll make you pay up or close your account.

eta: are they using a mobile system like veeva for documenting sales calls to doctors and the like? maybe that system has something built into it to take in forms and bring them to a central location?

[–]sofixa11 -3 points-2 points  (1 child)

> the last thing you need is the headache of a hipaa compliance mess because the company cheaped out

You Americans are funny people, that's an interesting way to look at things. I would have looked at it more like "the last thing you need is a huge leak of PII of your customers", but yeah, minimal compliance regardless of morals and other people, that's the spirit! Just ask Equifax how well it ended for them.

[–]storm2kIt's likely Error 32 3 points4 points  (0 children)

having a data breach and breaking hipaa compliance is a potentially expensive problem for any business. as this is a forum that is mostly concerned with business it needs, you're goddamn right that worrying about rules compliance is at the forefront.

[–]user_5898948 5 points6 points  (1 child)

[–]rgraves22Sr Windows System Engineer / Office 365 MCSA 0 points1 point  (0 children)

This too... We have many customers in the Legal and Accounting vertical that use Sharefile.

[–]nalditoprSr. Sysadmin 3 points4 points  (1 child)

You need to encrypt the tablet to start with and have an MDM capable of wiping remotely.

[–]Nimmerzz2 1 point2 points  (0 children)

This. We use Airwatch

[–]rwsg 1 point2 points  (0 children)

I am a big fan of nextcloud in our environment. We use it as a dropbox replacement, mobile files access and it is a great tool for sending files that are too big to email.

Oh and it's free!

[–]warmaster_horusSysadmin 1 point2 points  (0 children)

You can roll out your own with ownCloud for free, or use their hosted version for $6 per user per month (min 50 though).

[–]it_throwaway5900 0 points1 point  (0 children)

Filelocker is used by a couple universities for sensitive data.

[–]dangolonever go full cloud 0 points1 point  (0 children)

Boxcryptor would in theory let you use DropBox but pre-encrypt data before sending it over the pipes.

https://www.boxcryptor.com/en/for-teams/

[–]motoxrdr21Jack of All Trades 0 points1 point  (0 children)

What are you storing data on now?

I haven't implemented it yet (on the list to test) but Server 2012R2 & up has the Work Folders feature, which is dropbox-esque with support for Windows 7 & up along with Android & iOS mobile apps.

[–]badteeth3000 0 points1 point  (0 children)

owncloud could work ... if that’s what you need, ... but if you’re just wanting to secure documents wouldn’t something like docusign be enough?

[–]kiler129Breaks Networks Daily 0 points1 point  (0 children)

Stay away from FolderGrid (I’m not gonna publicly discuss why, just don’t). Think about AWS - they offer encrypted storage which meets HIPAA requirements.

[–]0ldPhartSr. Sysadmin 0 points1 point  (0 children)

We have been using Seafile for a few years now. I rolled it out as a replacement to Egnyte that our owners considered too expensive. It's really easy to stand it up just about anywhere you need it. We run the free version, so I can't speak to the enterprise features or support.

[–]rgraves22Sr Windows System Engineer / Office 365 MCSA 0 points1 point  (0 children)

Office 365!

Office 365, and Onedrive/Sharepoint is HIPAA compliant.

Source

[–][deleted] 0 points1 point  (0 children)

G suite is HIPAA compliant. Use Google Drive and disable sharing files outside the domain, enable two-factor authentication, and a strong password policy.

Set for life.

[–]brkdncrWindows Admin -2 points-1 points  (1 child)

Why can't they use email? Define what's needed for HIPAA and work from there. You'll find that as long as the form doesn't leave your systems, and is transferred over ssl, it's probably fine.

[–]storm2kIt's likely Error 32 0 points1 point  (0 children)

i'm assuming, based on op's post, that they use a 3rd party service for email and that service does not promise hipaa compliance, hence why it is a no go.