By Annemaria Duran
Maybe you work for an HR department and are trying to manage employee files, including FMLA, insurance and other medical information. Or perhaps you are a healthcare provider with patient files.
You have probably wondered: “How can I stay HIPAA compliant, but spend less time managing my records?”
This is a valid question. Many document management software (DMS) systems provide organizational and indexing capabilities, but they leave the tools for compliance out of their systems. When searching for a DMS that will make compliance easier, there are a few things to look for:
A Secure Database. Encryption of the documents is a necessity. Without a built-in encryption system, your office will need to employ additional technology services to encrypt your server. Some document management software systems require external encryption protocols to maintain security. A good DMS will have built-in encryption, preferably no lower than 128-bit, with some as high as 256-bit encryption. Such a DMS will not allow for a “back door” review of documents and will require that each individual user sign into the software with individual logins and passwords.
eFileCabinet provides 256-bit encryption of your data both at rest and in transit! This is higher security than your bank probably provides. (Over half of the United States’ financial institutions only encrypt their websites at 128-bit encryption.) 256-bit encryption is approximately 2,000 times more secure than 128-bit encryption!
Backup of the Database protects documents from loss in the case of system and server failure. Further, HIPAA requires that a backup of electronic records be maintained at a separate physical location. Strong DMS providers will provide a backup solution as part of an overall document management package.
eFileCabinet provides free backup service for all your data. Your documents are backed up at a minimum of 3 separate locations. This ensures security and safety for your data regardless of natural disasters or other calamities. All the data centers are housed in the United States, which ensures that foreign governments cannot regulate or compromise your data’s security. Even the on-premises, server-based solution includes this backup feature.
Client Portal is much safer than email. A client portal allows for secure sharing of documents with patients and insurance companies through a Cloud solution. The patients log into the portal with an individual username and password.
eFileCabinet’s SecureDrawer provides you with a separate storage space in the Cloud that your clients can log into and view only their documents. They can’t see other clients’ documents, nor are they able to see into your filing cabinets! Plus, SecureDrawer has mobile apps for your clients’ convenience.
Automated Retention is a must for compliance. Depending on the specific verticals of the documents, various policies must be observed. HIPAA requires that active employee records be maintained for the duration of the employee’s employment and for 7 years after termination. Automated retention makes this feasible by preventing documents from being accidentally deleted during employment and automatically tracking the 7 years after the employee folders are marked as terminated. (Medical providers are required to maintain records in accordance with state and company procedures. HIPAA does not mandate specific timelines for health records, but it does require that retention is universal across the organization.)
eFileCabinet’s retention tools allow you to lock down your documents and to set time frames for purging. These can be used in combination with, or independently of, the other retention functions. This feature alone will save your employees hours per week managing retention of documents.
Role-Based Security. Employee records should only be accessible by HR personnel. In addition, accounting and payroll records should not be accessed by general employees. The ability to lock down documents to users based on job function and individual need-to-know is critical to ensuring that private information remains private, even from a rogue employee.
Not only does eFileCabinet allow for role-based security, but it also has Active Directory integration so that you can seamlessly set the roles and job functions. Plus, if your employee can’t see a document, they can’t search the document and can’t see a preview. Unfortunately, not all programs with role-based security offer this feature, and it will keep your documents truly secure.
Audit Trails allow for tracking of every action taken in the filing cabinet and should only be available to top-level administrators. This allows for overview and control of the documents and random verification that employees are utilizing the cabinet according to internal policy. Audit trails should be undeletable and unalterable.
The audit logs in eFileCabinet are not editable, nor are they viewable by users. Only your administrator can pull the audit logs. Audit trail reports can be generated according to specific guidelines and data. Logs can be generated according to employee, item, cabinet, or any other level in eFileCabinet and can be exported to an Excel spreadsheet. If you are interested in going paperless and managing your HIPAA documents more easily, please fill out the form on the screen and we will call you to set up a short demonstration of eFileCabinet.