Backblaze and HIPAA Backblaze and HIPAA

Backblaze and HIPAA

Zack Zack


Backblaze takes data security very seriously. 


For our Online Backup service, we encrypt all files on your computer before transmitting them to our servers using the AES 128-bit encryption algorithm. Secondly, we transmit this encrypted data using an encrypted connection (HTTPS) to our data center. The data is then stored on one of our many storage pods in this encrypted format.  You can learn more about our encryption here. For additional security, you can specify your own private encryption key. If a private encryption key is specified, the data is encrypted to that key and only the key will unlock it.


For our B2 Cloud Storage service, we offer highly durable and secure storage and encourage users to take advantage of encryption features offered by many of our B2 Integration Partners to encrypt their files before uploading them. You can learn more about the Security and Redundancy of B2 Cloud Storage here. 

Server-Side Encryption can be enabled on B2 buckets. You can find out more about our Server-Side Encryption and how it works in our Server Side Encryption FAQ and Enabling Server Side Encryption guide.


Under HIPAA, Backblaze is a Business Associate to our business customers who are Covered Entities under HIPAA. We operate in compliance with HIPAA in this regard and will execute a Business Associate Agreement with customers who are Covered Entities under HIPAA.  Regarding the protected health information ("PHI") stored on your files, as outlined in our Privacy Notice, Backblaze does not access the content of the files you store with us. This means we will never see or access any of your patient's PHI.


While Backblaze is not a Covered Entity, many of our customers are, and we are happy to provide Business Associate Agreements (BAA) to our customers. To learn more and to request a BAA, please visit this page.