Hi Tom, end-to-end encryption is a key element of HIPAA digital communications and securing patient data. I don't think the location of the HIPAA data service provider matters.
On Jan 13, 2016, at 5:54 AM, Tom Fine <[log in to unmask]> wrote:
Interesting. I wonder how you are in HIPAA compliance if your data is not subject to US privacy and security laws?
-- Tom Fine
----- Original Message ----- From: "Michael Shoshani" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, January 13, 2016 8:24 AM
Subject: Re: [ARSCLIST] Cloud Storage
> Actually, there's one Canadian cloud service, sync.com , that makes a point
> of advertising that they are in Canada and not the United States, and thus
> subject to extensive Canadian privacy compliance laws rather than the US
> Patriot Act. Everything stored there is fully encrypted end to end from
> transmission to storage to retrieval, with the user holding the only set of
> keys; they cannot access the data, nor do they want to. (Their primary
> target seems to be medical facilities who need HIPAA compliance, but they
> offer to the general public as well.)
> Michael Shoshani
>> On Wed, Jan 13, 2016 at 6:58 AM, Tom Fine <[log in to unmask]> wrote:
>> For my personal files, I wouldn't want them stored on servers outside the
>> U.S. Something tells me that you have little or no legal recourse for stuff
>> not on a domestic server. But something else tells me that the user
>> agreement you click gives you little or no legal recourse anyway! I keep
>> all my personal stuff behind a firewall, on drives I own and control.
>> -- Tom Fine