Mozy software and services ensure that the appropriate safeguards—including those for encryption, password restrictions, and data storage—are in place so that the electronic protected health information (ePHI) you work with and store remains confidential and secure as required by HIPAA.


Mozy safeguards your data with strong encryption, which includes a required encryption key and the encryption of data during backup and at rest. Your corporate encryption key or personal encryption key is known only by you. During the backup process, all files are secured with a personal 256-bit AES encryption key and then transferred to our data center via a secure SSL connection. And as required by HIPAA, your data remains encrypted while stored at rest in our data center.

Password requirements

HIPAA Security rules specify that access to ePHI data must meet benchmark-based password creation and use. Your Mozy passwords must meet length and complexity requirements, and password validation is time- and logic-sensitive and requires manual updates. Further, failed login attempts will automatically trigger account lockouts on an IP and user level.

Offsite backup

The Mozy service provides an automated remote or offsite backup and is a key component in any disaster recovery plan as protection against hardware failure, theft, virus attack, deletion, and natural disaster. And, as required by HIPAA, we send and store all data from a HIPAA-compliant account to our U.S. data centers only.

Download HIPAA Security data sheet

If you are a Mozy Reseller Partner, Mozy supports your customers' compliance to HIPAA.

Learn more

Mozy is audited and certified

There is no standard HIPAA certificate of compliance for backup software and services; however, rest assured that Mozy uses strict security policies, enterprise-grade encryption, and U.S. data centers to protect ePHI from unauthorized access, disclosure, alteration, and destruction. 

Mozy successfully completed an SSAE 18 Type 1 Assessment for HIPAA-HITECH, which resulted in a Type 1 Report. In addition, the Mozy service successfully completed its annual SSAE 18 Type 2 assessment, which resulted in a SOC 2 Type 2 report, and ISO 27001:2013 recertification audit. The audit was performed by Schellman & Company, LLC, an ANAB accredited certification body based in the United States. By voluntarily submitting to an SSAE 18 audit and obtaining ISO certification, Mozy demonstrates its commitment to its customers' information and its preparation to face current and ongoing threats to digital information, including ePHI.

For more information about HIPAA and HIPAA compliance, contact your legal counsel or refer to the HIPAA section of the U.S. Department of Health and Human Services’ website.