March 5, 2014

Carbonite & HIPAA Compliance

For Windows Only

Article Summary

Carbonite Pro provides critical data security protection without compromising patient privacy and can assist customers with HIPAA compliance efforts.


The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. HIPAA is designed to protect patients’ medical records and other health information supplied to health plans, doctors, hospitals and other healthcare entities.

HIPAA Compliance

To help healthcare organizations comply with HIPAA, security standards have been created for protecting personally identifiable health information. Compliance with HIPAA’s administrative, physical and technical safeguards is imperative to the ongoing business operations of healthcare organizations.

The Carbonite Solution

Carbonite addresses HIPAA regulatory compliance requirements for our Pro customers by implementing administrative, physical and technical safeguards that ensure the confidentiality, integrity and security of your data:

  • Offsite Backup for Disaster Recovery: Carbonite Pro is a key component in any disaster recovery plan as protection against hardware failure, theft, virus attack, deletion and natural disaster.
  • Encryption: All data sent to Carbonite is first encrypted on your computer using the 128-bit Blowfish algorithm. Customer data is then sent over an encrypted SSL connection and remains encrypted both in transmission (“in-flight”) and in storage (“at-rest”), including while it resides at the data centers.
  • Secure Data Centers: Carbonite’s data centers are physically secure with protective measures that restrict personal access using biometric scanners, electronic key cards, and PIN codes. Additionally, the location is guarded by onsite security officers 24 hours a day, 365 days a year.
  • Massachusetts Data Security Compliance: Carbonite is compliant with the Massachusetts Data Security Regulation (201 CMR 17), widely considered the most stringent data protection statute in the nation because it prescribes actions for disclosing security breaches as well as robust prevention measures. All Carbonite customers, regardless of where they live, get the benefit of Carbonite’s compliance with the Massachusetts Data Security Regulation.
  • Business Associates: Carbonite’s Business Associate Agreement (BAA) is based on the federal government’s standard, so you can rest easy knowing your backed-up data is secure and meets Business Associate compliance requirements.

For more information on using Carbonite to support your HIPAA compliance and to request a copy of Carbonite’s BAA, please call 305-247-2227 or email