HIPAA Compliance


In the health field it's critically required that you meet federal compliance guidelines; in this respect XZ Backup delivers.

- Amanda A.

Health Insurance Portability and Accountability Act

Because XZ Backup may provide remote backup services to businesses that could be considered "covered entities" under HIPAA (The Health Insurance Portability and Accountability Act of 1996), we have decided to lay out our data security practices to help ensure they remain compliant while using our service.

Before any data is transferred to our servers by the XZ Backup client, it is first encrypted using 128-bit AES (with Twofish and Triple DES available in the Advanced version) with a password chosen by, and known only to, the covered entity; XZ Backup has no access to these passwords. Additionally, any backed-up data restored through our website is protected in transit by 256-bit SSL, on top of the encryption already applied to the stored data. All of our servers are located in secured and monitored datacenters with access restrictions in place. For auditing purposes, the XZ Backup client automatically generates logs detailing the date/time and the files that have been backed up or restored.

The XZ Backup client offers the ability to store your encrypted backups locally (on the covered entity's computer(s)), and can provide instructions on how to archive these backups to a CD/DVD or other media. Additionally, for a fee, XZ Backup can also ship the encrypted data to the covered entity on CDs/DVDs; this data cannot be viewed without first being decrypted using the XZ Backup software and the covered entity's password.

Note: There is no standard "HIPAA certificate of compliance" for backup software and services. For more information about HIPAA and HIPAA compliance, contact your legal counsel or refer to the HIPAA section of the U.S. Department of Health and Human Services' website: http://www.hhs.gov/ocr/hipaa/