Nextcloud in

On-premises security

Private or public organization, small or large, Nextcloud delivers the leading self-hosted productivity solution in any sector.

Analysis: data in healthcare

We recommend to keep sensitive data on your own infrastructure instead of in a public cloud as the easiest and most cost-effective way of ensuring compliance. Download our free healthcare security analysis.

In the next 5 to 10 years, we can expect far more security issues, which will require bigger budgets, more staff and teaching best practices.

Chief information Security Officer

Why self hosting?

You need 100% certainty
Sending around data by email or using public SaaS file sharing solutions does not provide much security for sensitive data. Encryption is complicated and cumbersome to use, reducing the real benefits due to employees working around them or making mistakes.
Keeping data on your own infrastructure or at a trusted local private or public cloud provider means you stay in control. Only then can you show your customers exactly where their sensitive documents are. Regulators can be certain that non-compliance with proper process is minimized.

Read our blog

SaaS is a risky solution
Most consumer-grade solutions like Dropbox or Office 365 were not designed with privacy regulations and security concerns in mind, mixing data from consumers and businesses, spread out in data centers across the globe. Enterprise IT workloads may be processed by Cloud Providers liable to the US CLOUD Act, meaning your business data can be leaked on orders of the US judicial system, often without disclosure to you.
Rather than trying to work around their limitations, Nextcloud provides a security-first solution which puts you in complete control over the location and access policies of data with a private cloud solution as well as a managed public cloud solution offered by local and trusted providers.

Get started

Putting the user first

Protocols, status updates and test results can be stored safely and shared easily among the professionals who need access.
With the growing complexity of the medical profession comes increasing amounts of patient data. Having patient information available in a moments notice can save lives. Nextcloud is designed for ease of use, fitting familiar interfaces and lowering the barrier to sharing and data access.

Easy access

A first requirement for any secure solution to share data is that it does not force complexity on the user. Complexity leads to mistakes and mistakes can cost lives!
Nextcloud makes accessing and sharing data a breeze, providing users a comfortable, familiar workspace.

Multi-platform productivity

Data needs to be available where the patient is. Tablets, mobile devices, laptops and desktops all have access to the same files at a moments notice thanks to the first-class Nextcloud clients.
Doctors and nurses can tag and comment on files for easy collaboration, roll back files to earlier versions or find deleted files in the trash. Real time collaborative editing and secure audio/video calls and chat complement the array of features aimed at enhancing productivity.

Contact us now to learn how we can help you!

Reduce risk, improve communication and cut operational expenses with the leading content collaboration platform.

Contact us

What are HIPAA and HITECH

The Health Insurance Portability and Accountability Act is a US law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
HIPAA mandates industry-wide standards for protection and confidentiality of protected health information (PHI), both technical and in terms of processes.
the HITECH Act widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for more enforcement.

Learn more:
HIPAA combined regulation text
HIPAA privacy rules
HIPAA security regulations
HIPAA security technical safeguards requirements

Nextcloud fits seamlessly in a HIPAA compliant infrastructure. More details below.

Data protection

Secure your data

While data needs to be at medical professionals’ finger tips at all times, the IT department must be able to ensure policies around Protected Health Information are respected.
Healthcare data is at the same time extremely sensitive and needs to be immediately accessible. Regulators are aware and privacy and security requirements are extremely strict with HIPAA and HITECH rules in the US matched in many other countries across the globe.
Nextcloud is a popular self-hosted solution in healthcare for its ability to strictly control access to data and industry-leading security capabilities.

File Access Control

The File Access Control feature of Nextcloud enables IT to codify legal and policy requirements, blocking unauthorized users uploading or downloading data following defined rules. Criteria include IP address ranges, group membership, file type and size, time and more. Data retention can be controlled as well, enabling administrators to limit the lifetime of certain files.

Learn more

Monitoring and auditing logs

Nextcloud offers built-in powerful monitoring capabilities, enabling institutions to ensure smooth performance. Systems can be monitored using the web interface or through monitoring and systems intelligence tools like OpenNMS, Splunk, Nagios or others. A full auditing system logs all user actions, enabling fully compliant usage of file sync and share.

Learn more


Nextcloud uses industry-standard SSL/TLS encryption for data in transfer. Data at rest in storage can be encrypted using a default military grade AES-256 encryption with server-based or custom key management. Optionally and on a per-folder base data can be end-to-end encrypted on the client with the server assisting in sharing and key management using a Zero-Knowledge model.
Seamless integration and ease of use with key features like offline recovery keys, auditing and HSM support make Nextcloud Encryption capabilities leading in the industry.

Learn more

Nextcloud understands the necessity to provide core principle baseline security requirements, as such Nextcloud 11 is built on these security principles to ultimately deliver a secure solution to their customers.

Nextcloud offers first-in-class, third-party verified security backed by a USD 10000 Security Bug Bounty program protecting against unauthorized access.

Security in Nextcloud

A DICOM viewer in Nextcloud

Digital Imaging and Communications in Medicine (DICOM) is the international standard to handle medical images, ubiquitous worldwide in radiological imaging devices and systems.
A third party developed a DICOM viewer for Nextcloud, enabling medical professionals to view and modify DICOM files. It parses and displays patient information, enabling viewing of images with informational overlays including Computed Radiography (CR), Computed Tomography (CT), Digital Radiography (DX), Mammography (MG), and Magnetic Resonance (MR).
The DICOM viewer is a powerful example of the capabilities of Nextcloud and how it can be extended and integrated to support the workflow of professionals.

Learn more:
Introducing the Nextcloud DICOM viewer
The DICOM viewer in our App Store


Efficient deployment and management

Complexity is the enemy of security and Nextcloud is designed to offer quick and easy integration in existing infrastructure, leaving policies and procedures in place. Its powerful LDAP and storage integration seamlessly fits with existing user directories, Windows Network Drive, NFS and Sharepoint storage solutions.
The result: a quick implementation at low cost, and easy maintenance making a self-hosted Nextcloud the cloud compliance solution with the lowest TCO.

Deep integration

Nextcloud integrates in hospital infrastructure with support for SAML and Shibboleth, LDAP, Kerberos, Oauth, and other often used authentication mechanisms and runs on all enterprise Linux systems offering support options to match their life cycle.

Data storage can be one or multiple NFS, Object Storage, Samba or a variety of other powerful storage mechanisms. This way Nextcloud provides seamless access to data on existing storage mechanisms, respecting existing access control policies and transparently handling changes on the underlying storage layer.

Download our Architecture whitepaper

Download now

Key features in Nextcloud

Fully self-hosted, meaning all data is under your control. Nextcloud can leverage your existing storage, security and privacy policies. There is no vendor lock-in or tracking by us of any kind!

Authentication through LDAP / Active Directory, Kerberos and Shibboleth / SAML 2.0 and more and external storage supporting NFS, Object Storage and other protocols ensure easy integration.

Nextcloud offers an easy to use user interface which comes with powerful search functionality, trash and versioning, favorites, tags and more ways to quickly reach the files users need.

First-class security policies, extensive security hardening features and File Access Control to ensure legal and privacy regulations are enforced at all times. Nextcloud comes with integrated logging, two-factor authentication and NIST compliant password policy control functionalities.

Desktop and mobile clients for Windows/MacOS/Linux, Android and iOS complement the web interface, integrating in the file system. Nextcloud can also be reached through WebDAV.

Nextcloud offers fine-grained control from mobile, desktop or the Web over data access and sharing capabilities. Advanced quota management with configurable accounting of external storage and configurable file retention policies.

First class enterprise support with custom integration and security consulting available.


HIPAA Compliance Statement

Updated August 1, 2017

Nextcloud meets all Technical Safeguards requirements, supporting full compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Nextcloud GmbH is committed to ensure its software keeps PHI (Protected Health Information) private and secure. We have implemented features, policies and procedures designed to ensure compliance with Federal and State information security laws, regulations, and rules, and monitor ongoing compliance efforts.

Nextcloud supports:

  • Advanced Access Control capabilities
  • Automatic expiration of passwords
  • Account lockout upon multiple failed log-in attempts
  • Automatic virus scans
  • Secure data backups
  • Audit-ready logging of all user actions
  • Data-at-rest, in-transit and full end-to-end encryption
  • Email verification and two-factor authentication

The self-hosted nature of Nextcloud ensures Nextcloud usage does not change existing compliance of infrastructure, provided features and capabilities are employed as required by HIPAA and other legislation. Nextcloud can advise in implementing a HIPAA compliant setup.
Nextcloud services are designed not to require that our employees gain access to any customer data. In case this is required for specific support cases, confidentiality agreements are signed with all employees and extensive security processes are in place to log, investigate and report any breaches.
We understand that keeping your client’s information safe is of the utmost importance and Nextcloud GmbH will continue to provide its software and services in accordance with the relevant requirements of all state and federal laws and regulations, including, as applicable, HIPAA.
For additional information regarding Nextcloud’s privacy practices as they relate to this website, please see our Privacy Statement.

Questions regarding Nextcloud’s HIPAA policies or compliance may be directed to:

Nextcloud GmbH
Attention: HIPAA Privacy Officer
Hauptmannsreute 44A
70192 Stuttgart Germany

This site is registered on as a development site. Switch to a production site key to remove this banner.