For Home  For Office

 Office plans now up to 30% off

To help healthcare organizations comply with HIPAA, privacy and security standards have been created to protect personally identifiable health information. Compliance with HIPAA's administrative, physical and technical safeguards is imperative to ongoing business operations of healthcare organizations, and other institutions that store personal health information. 

As a Business Associate, Carbonite supports regulatory compliance requirements for our Pro Plan and Server Plan customers by applying the administrative, physical and technical safeguards in order to ensure the confidentiality, integrity and security of your data.

Offsite backup for disaster recovery

Carbonite is a key component in any disaster recovery plan as backup protection against hardware failure, theft, virus attack, deletion and natural disaster. Our product includes an easy restoration process should your business experience unexpected downtime.


All data backed up with us is encrypted. Customer data is sent over a secure SSL connection, and remains encrypted while in transmission ("in-flight") and in storage ("at-rest"). While at the data centers, all your data remains encrypted.

Secure data centers

Our data centers are physically secure with protective measures that restrict personnel access using biometric scanners, electronic key cards and PIN codes. Additionally, on-site security officers guard the location 24 hours a day, 365 days a year.

Massachusetts Data Security Compliance

Carbonite is compliant with the Massachusetts Data Security Regulation (201 CMR 17), widely considered the most stringent data protection statute in the nation. It prescribes robust principles for security vulnerability management and monitoring. All Carbonite customers, regardless of residence, get the benefit of Carbonite's compliance with the Massachusetts Data Security Regulation.

Business Associate Agreement

Carbonite's Business Associate Agreement (BAA) is based on the federal government's standard, so you can rest easy knowing your backed up data is secure and meets business associate compliance requirements.


The U.S. Congress enacted HIPAA in 1996. HIPAA is designed to protect patients' medical records and other health information supplied to health plans, doctors, hospitals and other healthcare entities.

Carbonite requires healthcare customers to execute a Business Associates Agreement (BAA.) For more information on using Carbonite to support your HIPAA compliance and to request a copy of Carbonite's BAA, please call 1-855-227-2249 or send an email to