SOURCE: SpiderOak


September 24, 2013 08:00 ET

SpiderOak's 'Zero-Knowledge' Privacy Agrees With New HIPAA Omnibus Rule

Compliant by Default, SpiderOak Grows Into Go-To Solution for Health Care Industry

SAN FRANCISCO, CA--(Marketwired - Sep 24, 2013) - All over America, health care providers are eager to embrace the efficiencies found in the cloud. Yesterday -- September 23 -- marked the issuance of the latest update to the Health Insurance Portability and Accountability Act (HIPAA) -- the Final Omnibus Rule. This new law requires that Business Associates of health care providers -- including cloud storage companies -- be HIPAA compliant by September 23 [1]. Anyone found violating the rule will face fines of up to $1.5 million.

Because HIPAA compliance involves stringent privacy and security protections for electronic health information (PHI), many cloud providers are balking at signing new Business-Associate agreements [2]. Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plaintext data on their servers, PHI is especially vulnerable to breaches and compliance violations. In contrast, SpiderOak and its 'Zero-Knowledge' privacy approach ensure the privacy of users -- making it a HIPAA-compliant technology by default.

"We built a new way to think about privacy and security in the cloud," said SpiderOak CEO Ethan Oberman. "Our 'Zero-Knowledge' implementation means data on the server is never available in plaintext. As it relates to regulatory situations such as HIPAA, this differentiated approach means we also aren't handling patient records or Excel files or Word documents but rather only encrypted data blocks. Therefore, as a Business Associate -- today's parlance for a HIPAA cloud storage provider -- SpiderOak is able to successfully draw the line between the services we are providing and the retention of data privacy and ownership. A critical distinction in this continually evolving world."

SpiderOak's 'privacy-first' design is meeting an ever-growing need for technology solutions that protect data from privacy incursions. In compliance-sensitive industries, such as health care and finance, any technology that cannot ensure compliance places a great deal more stress on the relationship between company and vendor. As health care is becoming increasingly digitized, mobile and cloud-driven, providers are taking care to choose only those cloud providers that will ensure privacy throughout the data lifecycle and wherever the data may reside. By encrypting all data, privacy technologies such as SpiderOak offer an added productivity benefit.


[1] U.S. Department of Health and Human Services, "New Rule Protects Patient Privacy, Secures Health Information," 17 January 2013.

[2] Journal of AHIMA, "Deadline Ahead: Last-Minute HIPAA Business Associate Compliance," 11 September 2013.

About SpiderOak

SpiderOak provides cloud technologies built around 'Zero-Knowledge' Privacy. This 'Zero-Knowledge' Privacy Standard ensures absolute confidentiality between you and your data, everywhere, every time and from every device. With SpiderOak, you maintain full and complete control of your data in a centralized, managed and fully protected environment. SpiderOak: we've got your back(up).

Contact Information

  • Media Contact:
    Sammy Totah
    BOCA Communications
    +1.415.738.7718 ext. 7