Opened 11 days ago

Last modified 11 days ago

#14281 assigned Question/How do I...?

HIPAA compliance?

Reported by: https://id.mayfirst.org/interpreters Owned by: https://id.mayfirst.org/jaimev
Priority: Medium Component: Tech
Keywords: NextCloud Cc: https://id.mayfirst.org/jamie
Sensitive: no

Description

I've seen Nextcloud's promotional materials saying that it is HIPAA compliant, but I suspect that assumes highly secure backend configuration. If I install Nextcloud here, will it be HIPAA compliant?

Change History (3)

comment:1 Changed 11 days ago by https://id.mayfirst.org/jaimev

  • Cc https://id.mayfirst.org/jamie added
  • Keywords NextCloud added
  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

Hi we offer a single NextCloud instance for all of our members. We make out best effort to ensure security of that instance. I understand you want to install NextCloud yourself? There isn't a method for you to do this our shared servers at this time. Copying jamie here for more feedback about HIPAA compliance.

comment:2 Changed 11 days ago by https://id.mayfirst.org/interpreters

I'm fine with not having our own instance, just as long as our data is highly secure.

comment:3 Changed 11 days ago by https://id.mayfirst.org/jamie

We pay close attention to security and go to great lenghts to ensure all of our members' data is secure.

However, we are not HIPPA compliant. To be HIPPA compliant you have to check off a lot of bureaucratic checkboxes and then, once you delcare yourself HIPPA compliant, open yourself up to steep fines if you are found to have mis-checked any of them.

Furthermore, our security precaution are primarily geared toward protecting your data from corporate or government surveillance. HIPPA compliance is more general. That means we encrypt all hard disks and have a long history of defending our members data.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.