Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Yes. SpiderOak One is a good backup solution for a range of practice sizes. Read our notes for two details regarding proper use of the product.
# of Caveats: 0
# of Usage Notes: 2

Relevant Product Characteristics

  • This product does not appear to have been designed specifically with healthcare in mind. Note that many products that are useful and appropriate for health care professionals are not designed specifically with health care in mind.

What Is This Product?

SpiderOak One is a well-known data backup service that will execute Business Associate Agreements with health care professionals.

SpiderOak is especially useful for professionals who need:

  • HIPAA Business Associate Agreements (that’s us)
  • A low-cost, low-maintenance backup solution
  • A backup service that runs continuously, or on a schedule, without much extra attention or thought needed.

Our Impressions

SpiderOak’s support was responsive and supplied information that gave us trust that their organization is suitable for the risk management needs of mental health professionals.

This is despite the fact that the company clearly does not closely identify with the role of “service provider for health care professionals.” Because their foundational security and technical service procedures are solid and professional, we did not see it as necessary for them to strongly identify that way.



Caveats are criticisms of the company or product that we feel are relevant to your risk management or other important considerations.



Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.

1) Request your Business Associate Agreement before proceeding to use the service.

You need to request your BAA with this product. It is not executed automatically at registration.

At the time of our review, SpiderOak informed us that the place to request a BAA is at this link:

If that link ever goes bad, please let us know at [email protected] and we’ll look into fixing it. Please and thank you!

2) Backups can be confirmed using the “Manage” tab

Remember that HIPAA’s security standards call on us to regularly check our backup systems to make sure they’re working.

SpiderOak support tells us that you can check on your backups by going to the “Manage” tab. Look in there to confirm that files you created or changed recently are showing up. If they are, then your backups are likely working as planned.

