The short answer is 'yes'. The longer answer is a bit more complicated. The SpiderOak client and server environment contain all the appropriate technical security mechanisms to protect the data that is transmitted to and from the SpiderOak servers. In fact, we built the SpiderOak 'zero-knowledge' privacy environment specifically to handle this task. However, we do not currently employ a HIPAA compliance officer for self-certification.
The services provided by SpiderOak do form a critical part of Data Backup, Disaster Recovery, and Emergency Mode Operations strategies by providing remote accessible backup, storage and restore services that are geographically distant from the client site to minimize the likelihood of data loss in a large-scale disaster. In the event of loss of the primary data center, data located on the SpiderOak cloud can easily, securely and quickly be accessed and restored.
Covered entities are required to comply with the HIPAA Administrative Simplification Security Rule since April 21, 2005. SpiderOak, as part of a comprehensive security plan, can be an important part of your compliance strategy.