Code42 Support

CrashPlan and HIPAA compliance

Applies to:
  • CrashPlan PROe
  • Code42 CrashPlan (previously CrashPlan PROe)

Overview

Code42 for Enterprise can be configured to support compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as long as you do so according to proper policies and procedures. For details about Code42 for Enterprise's multi-layered approach to securing your data, see our white papers on Code42 for Enterprise security.

Guidelines for supporting HIPAA

There are two ways Code42 for Enterprise can support HIPAA:

  1. Recommended solution: activate Compliance Settings in your administration console.
    • Access to backup data is restricted automatically.
    • Works with a private or hosted authority server.
    • Requires Code42 server version 5.4 or later.
    • Not compatible with the Legal Hold, File Search, and Security web apps.
  2. Alternative solution: manually configure settings to support compliance.
    • Access to backup data must be restricted through manual configuration.
    • Requires a private, on-premises authority server.
    • Available for all Code42 server versions.
    • Compatible with the Legal Hold, File Search, and Security web apps.
    • All administrators must be authorized to view electronic protected health information (ePHI).

Whether you choose the recommended or alternative solution, you must sign a Business Associate Agreement (BAA) with Code42 before your Code42 environment can be seen as supporting HIPAA compliance. Your company is responsible for developing and enforcing your own policies for using Code42 for Enterprise in a HIPAA-supported manner.

If you choose to manually configure the settings, you must do the following to support HIPAA:

  • Store your encryption keys in an on-premises authority server.
  • Assign user roles to prevent unauthorized restoration of data.
  • Monitor logs for changes to user roles, user creation, and user deactivation.
  • Restrict visibility of backup data to only those users and administrators authorized to view ePHI.

For details about how to manually configure your Code42 environment in a HIPAA-supported manner, see Configuring CrashPlan For Use With HIPAA: Code42 server version 4.x | Code42 server version 5.x.

Additional help

If you are new to Code42 for Enterprise, contact our sales team to get started.

If you already have a Code42 for Enterprise deployment, contact sales to engage your Code42 PRO Services representative if you have additional questions about:

External resources

For a detailed explanation of HIPAA requirements, please reference the following resources from the U.S. Department of Health & Human Services: