Is SpiderOak HIPAA compliant?

This article has moved to our new Help Center and will no longer be updated on this page. Please see the Help Center for the newest version.

The SpiderOak client and server environment contain all the appropriate technical security mechanisms to protect the data that is transmitted to and from the SpiderOak servers. In fact, we built the SpiderOak No Knowledge privacy environment specifically to handle this task. However, we do not currently employ a HIPAA compliance officer for self-certification.

The services provided by SpiderOak do form a critical part of Data Backup, Disaster Recovery, and Emergency Mode Operations strategies by providing remotely accessible backup, storage and restore services that are geographically distant from the client site to minimize the likelihood of data loss in a large-scale disaster. In the event of loss of the primary data center, data located on the SpiderOak cloud can easily, securely and quickly be accessed and restored.

Covered entities have been required to comply with the HIPAA Administrative Simplification Security Rule since April 21, 2005. SpiderOak, as part of a comprehensive security plan, can be an important part of your compliance strategy.

For more information, see our HIPAA compliance overview, or our Business Associate Agreement (BAA) request form.