Yes, Carbonite has declared that it is HIPAA compliant. This service meets HIPAA security regulations, and the company provides a Business Associate Agreement (BAA) for business customers.
Carbonite uses internal privacy and security provisions to safeguard medical information. These services support HIPAA requirements, as long as healthcare customers sign a Business Associate Agreement.HIPAA requires business associates to implement risk management measures that protect the integrity, confidentiality, and availability of patient information. Carbonite meets this standard through real-time monitoring, a secure firewall, encryption, a vulnerability management program, and a formal incident response process for information security threats.Physical security measures include restricted access at Carbonite’s facilities, so only authorized employees, third parties, and visitors can enter. Twenty-four-hour security includes both interior and exterior cameras as well as an alarm system and an electronic card access control system.Additionally, Carbonite restricts access to software programs, allowing only authorized employees access. When a customer needs to dispose of data, authorized individuals wipe the drive, then complete a full write of the drive and a full read to ensure it is blank.Carbonite uses vendors that maintain HIPAA-compliant practices, ensuring the same privacy standards for all Carbonite services.You must have a Carbonite Safe Pro subscription for HIPAA compliance. The BAA provides contractual assurances that Carbonite understands and implements strategies for safeguarding PHI. Carbonite Safe Pro also gives administrators access to view user activity and logins.Since HIPAA regulations can be challenging to navigate, Carbonite provides a HIPAA handbook to guide customers in keeping their backups HIPAA compliant.
Carbonite is a cloud backup and recovery service that protects personal and business data from data loss. This complete backup solution restores data after accidental deletion, ransomware attacks, hardware failure, and natural disasters.