PHI and HIPAA

Mozy software and services ensure that the appropriate safeguards—including those for encryption, password restrictions, and data storage—are in place so that the protected health information (PHI) you work with and store remains confidential and secure as required by HIPAA.

Encryption

Mozy safeguards your data with strong encryption, which includes a required encryption key and the encryption of data during backup and at rest. Your corporate encryption key (c-key) or personal encryption key is known only by you. During the backup process, all files are secured with a personal 256-bit AES encryption key and then transferred to our data center via a secure SSL connection. And as required by HIPAA, your data remains encrypted while stored at rest in our data center.

Password requirements

HIPAA Security rules specify that access to PHI data must meet benchmark-based password creation and use. Your Mozy passwords must meet length and complexity requirements, and password validation is time- and logic-sensitive and requires manual updates. Further, failed login attempts will automatically trigger account lockouts on an IP and user level.

Offsite backup

The Mozy service provides an automated remote or offsite backup and is a key component in any disaster recovery plan as protection against hardware failure, theft, virus attack, deletion, and natural disaster. And, as required by HIPAA, we send and store all data from a HIPAA-compliant account to our U.S. data centers only.

Download the HIPAA Security data sheet.

If you are a Mozy Reseller Partner, Mozy supports your customers' compliance to HIPAA.
Learn more

Mozy is audited and certified

There is no standard HIPAA certificate of compliance for backup software and services; however, rest assured that Mozy uses strict security policies, military-grade encryption, and U.S. data centers to protect PHI from unauthorized access, disclosure, alteration, and destruction. For more information about HIPAA and HIPAA compliance, contact your legal counsel or refer to the HIPAA section of the U.S. Department of Health and Human Services’ website.