HIPAA compliance and remote access and file sharing made easy with FileFlexTM and the MaaviTM “HIPAA In A Box” solution stack.


Client Profile

Founded in 2007 and headquartered in San Francisco, Maavi has become a global provider of technology-based business solutions, offering a full array of IT services including NOC, SOC and IT compliance. Drawing upon extensive capabilities in consulting, business processes and IT infrastructure Maavi crafts solutions that meet the unique needs of their clients.

As Sri Pinnaka, the CEO of Maavi summarized “Maavicorp is a solution provider that delivers customers with the solutions, services and technology they need. That means putting the pieces together for the customer – not pushing a catalog of options. We don’t give the customer a piecemeal offering, we create a valuable solution stack which now includes FileFlex. Our customer shouldn’t have to worry, they can rely on us to provide the functionality and solutions they need. We are their trusted IT advisor.”

“I knew about FileFlex early on but I didn’t really see how the model was relevant for my business. It took real security and data management challenges in attempting to use cloud file share that made me take a second look. For security and HIPAA Compliance with no compromises Maavi and FileFlex are ideal.”

– Sri Pinnaka, CEO of Maavi

The Challenge

As the threat of HIPAA audits make compliance more top of mind, real incidents including ransomware attacks are affecting major brands; resulting in payouts, lost business and expensive remediation efforts.

  • Maavi customers wanted to address these challenges with a real, fully integrated solution.
  • Integrating all the pieces together to both facilitate HIPAA compliance and provide a great user experience.
  • Many organizations that manage HIPAA compliance often use on premise file servers, but users need to access the data from mobile devices using DropBox and other EFSS options.
  • Organizations also have data loss prevention systems in place in their environment but to add similar controls to the cloud increases overall complexity, productivity and risk.
  • The cloud enables flexibility but accessing data securely from the cloud is painful, particularly when there are potentially hundreds of GB of data to move back and forth.
  • Keeping data in the office means remote access and sharing is an issue as it is almost impossible to adhere to HIPAA security requirements.
  • Dropbox, OneDrive and others just weren’t proving to be feasible when considering all of the requirements.

Project Summary

In it’s earlier years Maavi took a fairly broad approach to the market, serving companies that benefited from the growing benefits of outsourced NOC and SOC services. However, as business grew, they found increased demand from companies requiring higher than average levels of security and compliance. By growing their internal competencies in this direction Maavi has become the go-to expert in HIPAA compliance. This has led an innovative approach they call “HIPAA in a box”.

As a result of this innovation, Maavi now provides a full range of compliance services from risk assessment to remediation and ongoing operations. Maavi attracts customers from HIPAA Covered Entities and Business Associates.

Key Project Components

To set the context of the challenge under regimes such as HIPAA, Maavi looked at some core principals.

  • The HIPAA Security Rule mandates a number of technical, physical and administrative safeguards.
  • These rules must support the protection of protected health information (PHI).
  • HIPAA adds some administrative burden, but these requirements are fundamental to robust data security and integrity.
  • HIPAA technical safeguards include access, audit controls, data integrity and authentication.
  • Each component of any solution must adhere to the applicable standards and contribute to compliance, while providing an optimal user experience.
  • Remote access and sharing must be secure, easy, productive and not overly expensive.

Project Outcomes

  • Maavi now provides its “HIPAA in a box” solution stack with FileFlex ensuring that remote access and sharing is fully compliant as data stays in source locations behind the firewall.
  • Maavi integrates all the pieces together to both facilitate HIPAA compliance and provide a great user experience.
  • Now organizations that are managing HIPAA compliance can use on-premise file servers and user can remotely access and share data that remains data resident and compliant.
  • Existing data loss prevention systems stay in place and are still fully compliant as the cloud is not used.
  • With no data duplication either in the private or public cloud, secure access is available on existing systems and infiltration is minimized.
  • Existing data in the office and on user devices can now allow remote access and adhere to HIPAA security requirements.
  • The use of other cloud-based services is kept to a minimum – offering greater security and significant cost savings.

The FileFlex Solution

  1. FileFlex Enterprise is the ideal file sharing and collaboration tool for HIPAA Covered Entities and HIPAA Business Associates.
  2. The FileFlex server is hosted either by the HIPAA Covered Entity itself or by the HIPAA Business Associate that provides FileFlex to the HIPAA Covered Entity.
  3. No Protected Health Information (PHI) or Personally Identifiable Information (PII) is ever stored or transferred to Qnext or third-parties.
  4. Sharing and collaboration can be limited to HIPAA covered entity or business associate contacts.
  5. File collaboration is from the HIPAA entity or associate’s source location and no copies are stored on remote devices or third party servers.
  6. When used according to HIPAA compliance policies, files can be shared in view-only mode and downloading to local devices prohibited.
  7. HIPAA compliance is achieved with security of data-at-rest and data-in-motion.

Learn more about FileFlex