HIPAA is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called “electronic protected health information” (e-PHI). The Security Rule does not apply to PHI transmitted orally or in writing.
To comply with the HIPAA Security Rule, all covered entities must do the following:
- Ensure the confidentiality, integrity, and availability of all electronic protected health information
- Detect and safeguard against anticipated threats to the security of the information
- Protect against anticipated impermissible uses or disclosures
- Certify compliance by their workforce
Infinite Uploads cloud storage was not designed for storing sensitive e-PHI data. While we encrypt all data at rest in our cloud storage, just like core WordPress behaviour, your data is all public as it’s meant for storing and serving public media to users. This includes the normal media you store in your WordPress library like images, video, documents, downloads, etc.
While using our cloud won’t necessarily make a site not HIPAA compliant, it’s not mean for storing any personal or medical data. As long as you use it for that purpose and not for uploading or securing sensitive e-PHI data then it Infinite Uploads is still compatible with HIPAA sites.