
Lyve Cloud Documentation

HIPAA

1. What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a US law enacted in 1996. HIPAA is a comprehensive set of standards that regulate the protection and use of protected health information (PHI) in the healthcare industry. The law applies to healthcare providers, health plans, and healthcare clearinghouses that transmit health information in electronic form.

HIPAA establishes national standards for the privacy and security of PHI and requires that these entities implement appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI. HIPAA also sets rules for the use and disclosure of PHI and gives individuals certain rights with respect to their PHI, such as the right to access, inspect, and receive a copy of their PHI.

In summary, HIPAA is a comprehensive set of standards and rules that regulate the protection and use of PHI in the healthcare industry and establishes national standards for the privacy and security of PHI.

2. Is Seagate Lyve Cloud HIPAA compliant?

Yes, Seagate’s Lyve Cloud storage service has been audited by trusted third-party certifiers and is certified to comply with all HIPAA standards for the secure handling and protection of PHI.

3. What measures does Seagate use to ensure its service is HIPAA compliant?

Seagate takes numerous measures to ensure that our service is compliant with HIPAA standards and provides a highly secure and robust data storage service. Such measures include:

  • Lyve Cloud is certified to the ISO/IEC 27001 Standard, as well as attested to the SOC 2 Type 2 Standard. We are also HIPAA compliant.

    • ISO 27001 is the world’s leading information security standard, providing control requirements to create an Information Security Management System (ISMS).

    • SOC 2 is an extremely popular form of cybersecurity audit, used by a rapidly growing number of organizations to demonstrate they take cybersecurity and privacy seriously.

    • The HIPAA Security Rule addresses the safeguarding of ePHI through the application of administrative, physical, and technical safeguards. Compliance is required of all covered entities defined by HIPAA and is assessed against the Office for Civil Rights (OCR) audit guidelines and assessment standards.

  • Two-factor authentication for users, ensuring that data custodians are securely authenticated.

  • Encryption of data in transit using the standardized TLS 1.2 protocol.

  • Authentication and authorization within every data transaction, using both account access keys and a cryptographic signature.

  • Secure data deletion with Secure Erase. When a customer ends their service with Lyve Cloud, their data is cryptographically erased: the SSE-C encryption key is held only by the customer, who supplies it through the API, so the stored ciphertext cannot be decrypted without it.

  • Enacting proper staff security awareness training and regulation policies, including procedures for authorizing access to PHI, as well as security incident response.

  • Entering into and documenting appropriate business associate contracts with covered entities using Lyve Cloud service.

  • Periodic, thorough risk analyses of current business practices/audits, with an aim to identify potential security risks and test current security and contingency policies.

  • Secure logging and monitoring procedures that record all login attempts, every individual who accesses electronic PHI, and any security incidents together with the mitigation responses taken.

  • Extensive resilience testing and contingency backup architecture that prevents data loss in the case of a datacenter going down.
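The SSE-C and TLS items above rely on the client sending the encryption key with each S3-style request, only over TLS, and with an integrity check the service verifies. The following added example (not Lyve Cloud's own code; it assumes an S3-compatible endpoint, with a placeholder hostname) builds and verifies those SSE-C request headers and refuses to send a key to a non-TLS endpoint:

```python
import base64
import hashlib
from urllib.parse import urlparse

SSEC_KEY_BYTES = 32  # SSE-C requires a 256-bit AES key held by the customer

# Constructed sample key for the demonstration only; real keys come from a KMS.
SAMPLE_KEY = bytes(range(SSEC_KEY_BYTES))


def ssec_headers(customer_key: bytes) -> dict:
    """Build the S3 SSE-C headers: algorithm, base64 key, base64 MD5 of the key.

    The service uses the key only for this request; the client must present it
    again on every read, so discarding the key is a cryptographic erase.
    """
    if len(customer_key) != SSEC_KEY_BYTES:
        raise ValueError("SSE-C key must be exactly 32 bytes (AES-256)")
    key_b64 = base64.b64encode(customer_key).decode("ascii")
    md5_b64 = base64.b64encode(hashlib.md5(customer_key).digest()).decode("ascii")
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key": key_b64,
        "x-amz-server-side-encryption-customer-key-MD5": md5_b64,
    }


def verify_ssec_headers(headers: dict) -> bool:
    """Service-side check: the key decodes to 32 bytes and matches its MD5 header."""
    try:
        key = base64.b64decode(headers["x-amz-server-side-encryption-customer-key"])
        sent_md5 = base64.b64decode(headers["x-amz-server-side-encryption-customer-key-MD5"])
    except (KeyError, ValueError):
        return False
    return (headers.get("x-amz-server-side-encryption-customer-algorithm") == "AES256"
            and len(key) == SSEC_KEY_BYTES
            and hashlib.md5(key).digest() == sent_md5)


def endpoint_uses_tls(endpoint: str) -> bool:
    """SSE-C carries the raw key in a header, so the endpoint must be HTTPS."""
    parsed = urlparse(endpoint)
    return parsed.scheme == "https" and bool(parsed.netloc)


def build_put_request(endpoint: str, bucket: str, key: str, customer_key: bytes) -> dict:
    """Assemble a PUT request description; refuse to leak the key over plain HTTP."""
    if not endpoint_uses_tls(endpoint):
        raise ValueError("refusing to send an SSE-C key to a non-TLS endpoint")
    return {"method": "PUT", "url": f"{endpoint}/{bucket}/{key}",
            "headers": ssec_headers(customer_key)}


if __name__ == "__main__":
    req = build_put_request("https://s3.example-lyve-endpoint.invalid", "phi-bucket",
                            "record-0001.pdf", SAMPLE_KEY)
    print(req["headers"]["x-amz-server-side-encryption-customer-key-MD5"])
```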

4. Where can I learn more about HIPAA?

For more information regarding HIPAA compliance with Seagate’s Lyve Cloud storage service, please see Lyve Cloud Compliance, or visit Lyve Cloud HIPAA Business Associate Addendum.