
HIPAA File Transfer Controls Guide: Practical Security Implementation

Operational guide to building file-transfer controls aligned with HIPAA security requirements.

Executive analysis

Why zero-knowledge matters for HIPAA

Under HIPAA's Breach Notification Rule, ePHI that has been encrypted in a manner consistent with HHS guidance is not "unsecured protected health information" as defined in 45 CFR 164.402, so its exposure does not trigger breach notification, provided the encryption key was not also compromised.

Client-side encryption

Files are encrypted with AES-256-GCM in the browser using the Web Crypto API before any data is transmitted. The key is generated and used on the client and is never sent to the server, which is what keeps the safe-harbor condition (key not compromised) intact during a server-side incident.

Breach-safe by architecture

Even if the storage server were compromised, an attacker would obtain only ciphertext, which is indistinguishable from random data without the key.

NIST-approved cryptography

AES-GCM is specified by NIST in SP 800-38D, and the HHS Guidance to Render Unsecured PHI Unusable, Unreadable, or Indecipherable to Unauthorized Individuals (74 FR 19006) recognizes encryption consistent with NIST standards as meeting that bar. AES-256-GCM therefore qualifies for the 45 CFR 164.402 safe harbor.

HIPAA Security Rule technical safeguards

The following maps HIPAA Security Rule technical safeguard requirements (45 CFR 164.312) to FileShot's implementation.

Access control, 164.312(a)(1): authenticated uploads via user accounts.

Audit controls, 164.312(b): the Professional plan includes audit logging; uploads, downloads, deletions, and authentication events are recorded with timestamps.

Integrity controls, 164.312(c)(1): GCM mode provides authenticated encryption, so any modification to the ciphertext is detected during decryption and the file is rejected rather than delivered in altered form.

Business Associate Agreement

HIPAA requires that Covered Entities enter into a Business Associate Agreement (BAA) with any third-party service that handles electronic Protected Health Information (ePHI). Client-side encryption does not remove that requirement: HHS's cloud computing guidance treats a provider that stores encrypted ePHI as a business associate even when it never holds the key.

The ciphertext is indistinguishable from random data to anyone without the key, including FileShot operators. Because files are encrypted before transmission, a compromise of TLS would expose only ciphertext; the file body remains protected by AES-256-GCM. That guarantee covers the file content, not transport metadata such as timing, size, or account identity, and it assumes the key itself does not traverse the compromised channel.

Data retention and disposal

Files expire automatically based on the configurable retention period set at upload.
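The client-side pattern described above (encrypt in the browser before upload, reject any modified ciphertext at decryption time), as an added example. This is not FileShot's code and the page does not publish its implementation; the function names, the 96-bit IV with a 128-bit tag, and the sample record are assumptions and constructed data. It runs unchanged in a browser or in Node (19+ through globalThis.crypto, 18 through the webcrypto export of node:crypto).

```javascript
// Added example, not FileShot's code. Client-side AES-256-GCM with the Web Crypto API:
// the key never leaves the client, only { iv, ciphertext } is uploaded, and any
// modification of the stored bytes is rejected at decryption time.

async function getWebCrypto() {
  // Browsers and Node 19+ expose the Web Crypto API as globalThis.crypto;
  // older Node exposes the same object as the webcrypto export of node:crypto.
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto;
  return (await import('node:crypto')).webcrypto;
}

async function generateFileKey() {
  const wc = await getWebCrypto();
  // One fresh 256-bit key per file. Extractable so the uploader can hand it to the
  // recipient out of band; how that handoff happens is not covered by this example.
  return wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
}

async function encryptFile(key, plaintextBytes) {
  const wc = await getWebCrypto();
  // 96-bit random IV, never reused under the same key: IV reuse in GCM leaks the XOR of
  // plaintexts and lets an attacker forge tags, which would void the integrity property.
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ciphertext = new Uint8Array(
    await wc.subtle.encrypt({ name: 'AES-GCM', iv, tagLength: 128 }, key, plaintextBytes));
  // Web Crypto appends the 16-byte GCM tag to the ciphertext. These two values are all
  // the server ever receives; the key is not among them.
  return { iv, ciphertext };
}

async function decryptFile(key, { iv, ciphertext }) {
  const wc = await getWebCrypto();
  // The tag is verified before any plaintext is returned. On mismatch the promise
  // rejects with a DOMException named OperationError and no partial plaintext is released.
  return new Uint8Array(
    await wc.subtle.decrypt({ name: 'AES-GCM', iv, tagLength: 128 }, key, ciphertext));
}

async function decryptionRejected(key, blob) {
  // true when decryption fails for the authentication reason GCM is meant to catch
  try {
    await decryptFile(key, blob);
    return false;
  } catch (err) {
    return err.name === 'OperationError';
  }
}

async function demo() {
  // Constructed sample ePHI; not real patient data.
  const plaintext = new TextEncoder().encode('MRN 00012345 | DOE, JANE | DOB 1970-01-01 | DX J45.20');
  const key = await generateFileKey();
  const stored = await encryptFile(key, plaintext);

  // Legitimate recipient holding the key recovers the exact bytes.
  const recovered = await decryptFile(key, stored);
  const roundTrip = new TextDecoder().decode(recovered) === new TextDecoder().decode(plaintext);

  // Storage-side attacker flips one bit in the body, and separately one bit in the tag.
  const bodyTampered = new Uint8Array(stored.ciphertext);
  bodyTampered[0] ^= 0x01;
  const tagTampered = new Uint8Array(stored.ciphertext);
  tagTampered[tagTampered.length - 1] ^= 0x80;
  const bodyRejected = await decryptionRejected(key, { iv: stored.iv, ciphertext: bodyTampered });
  const tagRejected = await decryptionRejected(key, { iv: stored.iv, ciphertext: tagTampered });

  // An operator (or anyone else) holding a different key gets nothing either.
  const wrongKeyRejected = await decryptionRejected(await generateFileKey(), stored);

  return {
    roundTrip,
    tagOverhead: stored.ciphertext.length - plaintext.length, // 16 bytes: the GCM tag
    bodyRejected,
    tagRejected,
    wrongKeyRejected,
  };
}
```

The point to verify in any real deployment is the last two checks: a modified body or tag, or a key the server never had, must produce a rejection rather than altered plaintext. Whether the safe harbor holds then rests entirely on how the key reaches the recipient, which this example deliberately leaves out.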

Audit log retention

Audit logs on the Professional plan are retained for a minimum of 6 years, matching the documentation retention period in 45 CFR 164.530(j). Logs contain operational metadata only: no file content, no filenames, no encryption keys. Because the server never has access to file content, the logs cannot expose it even if they are themselves disclosed.

Breach notification procedure

In the event of a security incident, FileShot follows the HIPAA Breach Notification Rule (45 CFR 164.400-414).

1. Incident detection and investigation. FileShot investigates any suspected security incident immediately. If the affected files were encrypted and their keys were not compromised, the data is not unsecured PHI and the safe-harbor provision applies; an incident that exposes keys or plaintext (for example on a compromised client device) falls outside the safe harbor and must be assessed under 164.402.

FileShot's Professional plan includes a BAA, audit logging, and client-side AES-256-GCM encryption with a zero-knowledge storage model.

Implementation control checklist

Source materials reviewed

Total sources fetched: 3
Evidence sentences extracted: 20
Review date: 2026-04-19

FAQ

What makes this workflow different from basic cloud sharing?

This model prioritizes controlled delivery, recipient scope, and revocation behavior instead of persistent account-centric storage access.

Why are attachment workflows often insufficient?

Attachment pipelines typically impose size constraints, limited visibility, and weak revocation controls once messages are forwarded.

How should teams apply link expiration?

Expiration should match transfer sensitivity and business context, with shorter windows for externally shared regulated data.

What is the minimum evidence required before delivery?

Teams should confirm sender identity, recipient scope, file classification, and integrity checkpoints prior to release.

How should organizations audit secure file transfers?

Capture transfer metadata, policy decisions, recipient validation steps, and closure timestamps in auditable records.

How do secure links improve large-file delivery?

They remove mailbox size constraints, centralize controls, and allow expiration or revocation after successful handoff.
