30-Day Free Trial

HIPPA Compliance


The HIPAA law of 1996 basically charged the Secretary of the US Department of Health & Human Services to develop rules and regulations for the protection of individual rights in the health care industry.

The subsequent Administrative Simplification amendment from the US Department of Health & Human Services created four major rules for the health care industry:

Standardization of electronic patient health, administrative and financial data transactions

Unique health identifiers for individuals, employers, health plans and health care providers

Security standards protecting the confidentiality and integrity of “individually identifiable health information,” past, present or future.

Privacy rules governing the use and management of individual personal and medical information.

While Oak Tree Storage is concerned about all the HIPAA requirements internally as well as for our clients, our electronic services are designed to help you meet these requirements in two ways: first, by providing for the electronic data backup, restore and (in certain cases) disaster recovery functions that are part of your HIPAA compliance processes; and second, by ensuring that our services, data, equipment and facilities themselves conform to the HIPAA requirements in terms of privacy and security in the following sections of the laws:


  • Administrative Safeguards
  • Authentication
  • Availability
  • Confidentiality
  • Encryption
  • Facility
  • Information system
  • Integrity
  • Malicious software
  • Password
  • Physical safeguards
  • Security or Security measures
  • Security incident
  • Technical safeguards
  • User
  • Workstation

For more specific information on these safeguards please refer to the Security/Privacy section of our website.

Oak tree cannot and does not make any claim of privacy, security or any other HIPAA compliant or other requirements for any data, files, databases, images on any media whatsoever, nor any other electronic or manual information created, maintained or filed in its clients’ offices, but can assure its clients of the privacy and security of any information properly backed up to our backup servers.

For disaster recovery server users, your encrypted data is installed on a server and only you and/or others that are authorized personnel of your designation will have access to this server, its applications, facilities and data. Such access has various security measures and are clearly explained in our User Manuals for your information.

For any further clarification of the HIPAA requirements, see the following references:


HIPAA Information (HHS):

US Department of Health and Human Services; US Office of the Assistant Secretary for Planning and Evaluation; Administrative Simplification in the Health Care Industry:

US Govt Dept of Labor – HIPAA:

To discuss Oak Tree’s HIPAA compliance further, please contact Oak Tree Storage, LLC at

Sox Compliance


The Sarbanes-Oxley Act of 2002 (“SOX”) is a highly complex and dynamic set of rules designed essentially for the financial protection of individuals, although it focuses on record-keeping, reporting and auditing functions for corporations. It establishes different compliance dates and rules for different-sized companies, and has different rules for private versus public companies.

While Oak Tree Storage, LLC, meets any and all SOX requirements that apply to it, it provides the means for its clients to meet the SOX requirements for internal processes and controls to the extent that the SOX rules (for companies meeting its compliance and reporting criteria ) require your organization to have functions and processes in place to minimize or eliminate “…all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s [your] ability to record, process, summarize, and report financial data and have identified for the issuer’s [your] auditors any material weaknesses in internal controls;…” (“Title III, Section 301, Sub-section 3, Paragraph A: ‘Section 10A of the Securities Exchange Act of 1934 (15 U.S.C. 78f) is amended by adding at the end the [preceding] to: ‘(m) STANDARDS RELATING TO AUDIT COMMITTEES.— ‘ For the indexed, full text of the Sarbanes-Oxley Act of 2002, see:

For a brief, informative summary of the Sarbanes-Oxley Act of 2002, see:

To discuss how Oak Tree’s services help you meet your specific compliance requirements, contact us at


To ensure the security and privacy of your data, Oak Tree provides two forms of encryption for your data:

1. All your data on Oak Tree servers is pre-encrypted – by you – with one of three industry-standard encryption methodologies (your choice of AES, TripleDES [a/k/a DES3] or TwoFish) based on an encryption key that only you, the client, possess (Oak Tree will not accept retention, maintenance or even knowledge of any client encryption key). These encryption keys are 128-bit symmetric key encryptions and are used by the major banks, brokerage firms and insurance companies throughout the world as well as the U.S. Government (see note below). This encryption occurs on your computer equipment before your data is transmitted over the internet to our highly secure facility. This world-class security is reinforced by using your choice of two different encryption modes.

2.Once encrypted, you data is sent to the Oak Tree servers via Oak Tree transmission services utilizing industry standard Secure Sockets Layer methodology using a randomly generated 1024-bit RSA public key to further secure the actual transmission of your already-encrypted data. The strength of the encryption depends on the key size you use during the transmission process (usually preconfigured on your computer) but is highly secure even with the smallest allowable key. This protects your already-encrypted data transmission from any and all possible intrusions or hacking.

In addition, during the initial encryption and compression procedure on your computer/server, a random number (technically consisting of an initial vector, salt and iteration count) is randomly generated and applied to each file when it is encrypted.

Oak Tree uses the AES encryption method by default. The Advanced Encryption Standard (AES) feature allows added support for still further security with your choice of Cipher Block Chaining (CBC) or Electronic Cook Book (ECB) modes.

The U.S. National Institute of Standards and Technology (NIST) created AES, which is a Federal Information Processing Standard (FIPS) publication that describes an encryption method. AES is a privacy transform for Internet Protocol Security (IPSec) and Internet Key Exchange (IKE) and has been developed to replace the Data Encryption Standard (DES). AES is designed to be more secure than DES: AES offers a larger key size, while ensuring that the only known approach to decrypt a message is for an intruder to try every possible key, which AES has a variable key length – the algorithm can specify a 128-bit key (the default), a 192-bit key, or a 256-bit key. (Oak Tree does not support the longer lengths, as they typically consume far more CPU time than most servers can make available for administrative functions.) A 128-bit key size has 2128 – or about 3.4 x 1038 – possible combinations. It is estimated that it would take 8.77 x 1017years on very large computers to test all possible combinations.

According to the U.S. National Security Agency – US Government, CNSS (NSA (National Security Agency) – Committee on National Security Systems: Policy No. 15, Fact Sheet No. 1 National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information; June, 2003:

“The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level.”

“Subject to policy and guidance for non-national security systems and information (e.g., FIPS 140-2), U.S. Government Departments and Agencies may wish to consider the use of security products that implement AES for IA applications where the protection of systems or information, although not classified, nevertheless, may be critical to the conduct of organizational missions. This would include critical infrastructure protection and homeland security activities as addressed in Executive Order 13231, Subject: Critical Infrastructure Protection in the Information Age (dated 16 October 2001), and Executive Order 13228, Subject: Homeland Security (dated 8 October 2001), respectively.”

Finally, each client user has the option of specifying an exclusive list of specific IP addresses from which their data may be accessible. This provides the added security of limiting locations that may access the Oak Tree servers. NOTE: You should be careful and thorough if using this option, as internal IP addresses will not function across the Internet, and any error in this regard might prevent proper access to your data. Be sure to consult a telecommunications expert before selecting this option.

While the remote possibility always exists that your data might be “physically” intercepted by expert hackers during its transmission, its “logical”, or data content is fully protected by this highest-level double-encryption, and will appear as indecipherable nonsense characters to anyone without your encryption key, which is required to decrypt your data. (For this reason, it is essential that you never lose your encryption key, but keep it in a secure location in your office or home.)

In addition, Oak Tree utilizes and maintains virus, spyware, malware and other intrusion prevention, detection and auto-removal software and other processes to ensure your data is highly secure and redundant. However, Oak Tree software does not scan your data for such intrusive software during its backup processes. Please keep in mind that certain data, in addition to programs, can harbor certain types of viruses. This includes Excel spreadsheets (.xls) and Word documents (.doc) embedded in macros. If these exist in your data, they will be encrypted and backed up along with your data.

Oak Tree further utilizes its own highly secure, state-of-the-art firewall with highly secure settings at its data center for further server protection. In addition, a CRC (Cyclical Redundancy Check) is performed on all data transmissions to ensure the completeness of the data being transmitted. This is a sort of “characters-transmitted” check-digit calculation performed by Oak Tree software on your (sending) server, and then again on our (receiving) server, as each small “piece” of encrypted data is transmitted. This ensures that all the “pieces” of encrypted data you sent from your server are exactly the same as the “pieces” of encrypted data we received at our server. In the event any one or more CRC’s don’t match, those “pieces are re-sent from you server to ours. If this re-transmission occurs too often, the connection is dropped and re-established, and the process starts over again. In the event of a persistent problem, our administrators will contact you directly.

Oak Tree’s physical facilities, in which it maintains its equipment, are highly secure, state-of-the-art technology environments. (See our website section for more details on our Data Center.)


Your encryption key is used to encrypt your files. It resides only on your computer (in an unreadable format) and is known only to you. It never appears in digital form in plain text format anywhere. It is never transmitted anywhere across the network. If this key is lost, your backup files can never be recovered. Although technically Oak Tree has access to all files you stored on our backup server (in encrypted mode), we have absolutely no knowledge of their contents, nor do we have any means of determining it.

Therefore: Please make certain you document your encryption key in a VERY SAFE PLACE where it will be well-protected and never lost. (It is maintained on your computer, but in pre-encrypted form – not plain text, and is indecipherable.) If you cannot enter your encryption key when you need to restore any of your data, you will NOT be able to recover your backup files and your data will remain irretrievable until and unless you enter your correct encryption key.


Data Center Specifications

  1. 600 Kw of N+1 Redundant UPS power with the industry’s most reliable, comprehensive backup power protection and Generation
  2. 1,200 kW Dedicated Caterpillar Diesel Generator with a Day Tank and 3000 Gallon Fill Tank Onsite with capability to run without power or external diesel supply for several weeks
  3. Over 200 tons of cooling capacity and humidity control with year-round capability with 10 Liebert CRAC 30 ton Glycol A/C units
  4. Dual incoming utility feeds from separate substations off two (2) isolated grids.
  5. With our Data Center in the heart of Manhattan not far from the New York Stock Exchange and other major global financial institutions, Oak Tree is situated at the intersection of two separate major power grids, providing full redundancy and added capacity as needed.
  6. Triple Pre-Action Fire Suppression System; Fike Fire Alarm System
  7. State-of-the-art security features
  8. Data Center security is a top priority for Oak Tree. We have ensured the utmost security so that our clients can be assured of the safety of their data. Our Data Center is located in a heavily protected building. Security personnel are on guard 24×7; biometric fingerprint readers are on computer room door locks; strategically placed video cameras operate 24×7; motion detection is utilized; all doors are equipped with alarm systems.

  1. Oak Tree’s Data Center maintains multiple, private transit, high-speed connections to multiple Internet backbone providers, carried by different telecommunication carriers for added redundancy. If the connection from any single Internet provider should fail, Oak Tree’s dual router configuration will route traffic through a different provider.
  2. Our Data Center has chosen a private transit internet connectivity strategy in addition to a public peering approach. Oak Tree believes that this strategy provides the very best Internet connectivity, combining the advantages of both and providing an alternative to their disadvantages. Our private and public transit Internet strategy is forward-looking in that it provides the best possible Internet connectivity today and ensures that Oak Tree can provide uninterrupted services to its clients.
  3. Oak Tree’s Data Center maintains upstream connectivity to top tier providers such as BBN Planet/Genuity, UUNet, Sprint, Qwest, PSI, Intermedia, and others. Our LAN is just as powerful as our Data Center ’s WAN. Utilizing Cisco’s powerful equipment as well as that of other major manufacturers, we leverage an ultra fast, fully meshed and reliable network.
  4. Oak Tree’s Data Center backbone has the ability to minimize distressed and over-allocated network access points to offer the most reliable and consistent data pipe available today. The network taps into dual OC-48-based connections with direct links to all major carriers and public exchanges.
  5. Oak Tree’s Data Center brings fiber optic cable from multiple carriers into the facility. Fiber is delivered from different telecommunication Central Offices and enters the building at different locations in physically separate paths that never converge. Dual fiber entry provides redundancy at the carrier level and protection from instantaneous, accidental (or intentional) loss of connectivity.
  6. Oak Tree can therefore support our clients with the type of connectivity, speed, throughput and security their data warrants. We maintain an internal SLA of 99.999% uptime.

  1. Today, we are all aware of the reality of network intrusion threats. For Oak Tree, protecting its systems against these has become a vital objective. To accomplish this objective Oak Tree’s Data Center leverages a network intrusion detection system (IDS) capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. The IDS uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture. The IDS is able to immediately notify Data Center personnel of anything suspicious, so that we may take appropriate action, from keeping an eye on things, to blocking malicious traffic or even contacting the responsible party.
  2. Additional logical security includes the use and ongoing maintenance of a state-of-the-art firewall with added intrusion-detection, as well as multiple well-known anti-virus, anti-spam, anti-spyware and anti-malware programs on all our servers.