Is eFileCabinet HIPAA Compliant?


eFileCabinet is a document management system (DMS) that many businesses have been using for on-site and cloud storage. Is this platform suitable for healthcare organizations to use, too? Is it HIPAA compliant?

Document management systems help businesses and organizations maintain, manage, and safely store electronic documents in a single location. Such systems simplify document management, which is a big help even to HIPAA covered entities that need to share and store ePHI without violating HIPAA rules. But not all DMS are HIPAA compliant. How about eFileCabinet?

eFileCabinet features security controls such as 256-bit encryption, which secures data both in transit and at rest. It likewise features a SecureDrawer that allows sensitive data to be shared with third parties and remote employees. With SecureDrawer, file sharing doesn’t take place beyond the protection of eFileCabinet’s firewall. All files remain in the system and access is via a secure, encrypted portal.

As an additional security measure, eFileCabinet restricts access to sensitive information through user and role-based permissions, which limit what can be done with documents containing ePHI. It is possible to configure access using varying levels of user authentication. Available options include simple passwords, facial recognition and voice prints. The system also automatically logs off a user after a set period of inactivity. As per HIPAA integrity control requirements, the system automates file retention, performs data backups and maintains an audit trail of user access. User actions, such as copying or downloading files, are also recorded.

Privacy and security controls satisfy only a part of HIPAA requirements. A document management system is not fully HIPAA compliant until it has agreed to sign a business associate agreement (BAA) with HIPAA covered entities. This agreement is the service provider’s proof that appropriate security controls are in place and that they agree to all responsibilities as required by HIPAA. eFileCabinet is ready to sign a BAA with HIPAA covered entities as well as their business associates.

It must be noted, however, that covered entities are held responsible for the proper configuration of all controls provided by eFileCabinet. Failure to configure settings correctly could potentially result in unauthorized access or disclosure, a sure violation of HIPAA Rules.

The answer to the question ‘Is eFileCabinet HIPAA compliant?’ is YES. Healthcare organizations can take advantage of all the security, access and audit controls of eFileCabinet. Covered entities need not worry about HIPAA violations when using this HIPAA compliant DMS as long as a BAA is signed before storing or sharing files containing ePHI.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches.