Compliance Security Deploy Pricing Workflows Contact

HIPAA · HITECH · FIPS 140-2 · FDA 21 CFR Part 11-ready

PowerArchiver for Healthcare

FIPS 140-2 validated AES-256 for PHI at rest and in transit — the technical safeguard most healthcare organizations cite for HIPAA Security Rule compliance. Encrypted Outlook, Secure FTP, VSS-aware backup, fleet admin-lockdown — one perpetual license. Used by hospitals, clinics, and payer organizations.

Request a quote Volume pricing

Compliance

Three frameworks every health-IT review checks

PowerArchiver doesn't certify against HIPAA itself — no software does; HIPAA compliance is the covered entity's responsibility. What PowerArchiver provides is the validated cryptographic plumbing your risk assessment relies on. The formal FIPS 140-2 validation documentation used in HIPAA audit binders lives at the Enterprise tier; Business / Professional / Toolbox ship the same AES-256 engine for encryption strength. Documentation supplied for your compliance package on request.

HIPAA Security Rule

Technical safeguards for ePHI

HIPAA's Security Rule (45 CFR §164.312) requires technical safeguards for electronic PHI — most importantly, encryption that renders ePHI "unusable, unreadable, or indecipherable to unauthorized individuals" (Safe Harbor under HHS guidance). PowerArchiver's FIPS 140-2 validated AES-256 satisfies the encryption-strength bar for both data-at-rest archives and data-in-transit FTP sessions.

See security stack →

HITECH Breach Safe Harbor

Encryption removes breach-notification obligation

Under HITECH §13402, properly encrypted PHI is excluded from breach-notification requirements when lost or stolen. PowerArchiver's encryption meets the HHS guidance specifying NIST-validated cryptography (FIPS 140-2 AES-256). A lost laptop containing PowerArchiver-encrypted PHI archives doesn't trigger a reportable breach — the trade-off most healthcare CISOs care most about.

Encryption details →

FIPS 140-2

Validated cryptography

Encryption uses Microsoft CryptoAPI's Enhanced Cryptographic Provider — a NIST-validated FIPS 140-2 cryptographic module. Required for federally-funded medical research (NIH-grant data handling, VA medical centers, DoD healthcare contractors) and increasingly cited as best practice in state-level health-data privacy laws.

Validation matrix →

FDA 21 CFR Part 11. For clinical trials and regulated life-sciences workflows, PowerArchiver's archive integrity (HMAC-protected PAE2 containers + tamper-evident verification) and password-policy controls support the electronic records / electronic signatures requirements when paired with your validation framework. The product is a technical control inside that framework — not a Part 11-certified system on its own.

Security stack

PHI protected at rest, in storage, and in transit

Encryption coverage for every part of the PHI handling chain — from clinical workstation archives through vendor exchange to long-term backup. Administrators can force any combination of these settings on the user fleet.

AES-256 encrypted archives

Full ZIP-AES at 128 / 192 / 256 bits + the strengthened PAE2 container with filename + size + timestamp encryption. PHI metadata isn't visible in archive listings — important for shoulder-surfing-resistant patient-data workflows.

Secure FTP / SFTP for vendor exchange

FIPS 140-2 validated TLS via Microsoft CryptoAPI. Use for billing clearinghouse uploads, lab integration, payer EOB exchanges — anywhere PHI moves between organizations and SFTP/FTPS is required by the BAA.

Outlook encrypted attachment add-in

One-click encrypts attachments to AES-256 directly in the Outlook ribbon — no separate workflow, no helpdesk training. Defaults are admin-lockable: prevent users from sending unencrypted patient data accidentally.

VSS-aware Backup

Volume Shadow Service captures consistent backups of locked / open files (mailboxes, EHR adjunct databases, departmental file shares). Encrypts with AES-256 by default; routes to local NAS + cloud + offsite simultaneously.

DoD-style file wipe

Built-in File Wipe (DoD 5220.22-M-suggested) for end-of-life clinical workstation decommissioning, returned-leased-hardware sanitization, and post-litigation hold purges. 1, 3, or 7 passes per your security policy.

Password policies + audit log

Force minimum password length and required character classes per administrator policy. Combined with the password-profile dropdown, eliminates shared-passphrase anti-patterns common in clinical environments where shift-change handoffs happen frequently.

Deploy via existing IT

MSI · GPO · clinical-workstation-friendly

Health-system IT teams have deployed PowerArchiver for over a decade. Single registration key for the entire fleet. Silent install. Lockdown matches the way clinical desktops are typically managed — minimal end-user choice, maximum enforcement of security policy.

Windows Installer (MSI) — push via SCCM, Intune, GPO, or the management tool your hospital IT already uses. 64-bit and 32-bit packages. Works on shared-clinical-workstation models with multiple user profiles per machine.

Single-key registration — deploy via GPO or registry merge. Survives image refreshes and roaming-profile rebuilds without per-machine activation overhead.

Forced encryption defaults — require AES-256 + FIPS 140-2 mode. Prevent users from selecting weaker ZipCrypto or unencrypted output. Lock the format choice at policy level so the only path is compliant.

Lock down high-risk features — disable cloud connectors, disable specific FTP destinations, hide Backup if your existing backup product handles that role. Per-feature MSI properties give fine-grained control.

Air-gap clinical-network deployment — license activation works via dedicated registry-merge path for isolated networks (DICOM imaging segments, segregated clinical research networks). No telemetry beyond the activation check.

EHR-friendly — minimal RAM footprint (~18 MB) coexists with Epic / Cerner / Meditech client workstations without resource contention. Not a competing memory-hungry suite.

Business Volume Pricing

Per-seat licenses scale with quantity

Volume discounts apply to Business, Professional, Professional Toolbox, and Enterprise per-seat licenses. The more you buy, the lower the per-license price. At ~500–1,000 seats consider Enterprise ($59.95 with volume rates) or Enterprise Unlimited for org-wide flat-fee deployment with FIPS / HIPAA / DFARS compliance built in.

Business

Quantity	Per license	Save
1	$22.95	—
2–9	$16.00	30%
10–24	$13.00	43%
25–49	$11.00	52%
50–99	$8.50	63%
100–199	$6.50	72%
200–499	$5.00	78%
500–999	$3.50	85%
1000+	$2.90	87%

Buy now

Professional

Quantity	Per license	Save
1	$34.95	—
2–9	$25.00	28%
10–24	$20.00	43%
25–49	$17.00	51%
50–99	$13.00	63%
100–199	$10.00	71%
200–499	$7.50	79%
500–999	$5.00	86%
1000+	$4.00	89%

Buy now

Professional Toolbox

Quantity	Per license	Save
1	$49.95	—
2–9	$35.00	30%
10–24	$28.00	44%
25–49	$22.00	56%
50–99	$17.00	66%
100–199	$14.00	72%
200–499	$10.50	79%
500–999	$7.00	86%
1000+	$5.50	89%

Buy now

Enterprise

Quantity	Per license	Save
1	$59.95	—
2–9	$45.50	24%
10–24	$36.50	39%
25–49	$28.50	52%
50–99	$20.50	66%
100–199	$18.00	70%
200–499	$13.50	77%
500–999	$9.00	85%
1000+	$7.00	88%

Buy now

→

When to switch to Enterprise: if you need FIPS 140-2, HIPAA / DFARS validation, audit logging, or centralized IT-control features, jump to Enterprise at $59.95 per-seat (volume rates available) — those compliance + IT features aren't in Business / Professional / Professional Toolbox. For org-wide deploys at high seat counts, Enterprise Unlimited (from $4,995) is typically more cost-effective than per-seat math above ~500 seats. Talk to sales for an Enterprise volume or Unlimited quote.

Prices shown in your region's currency (USD by default; £ on the UK variant). Volume orders billed via PO with NET-30 available for established companies. Request a formal volume quote →

Common deployments

Where healthcare IT actually uses PowerArchiver

A snapshot of the workflows where PowerArchiver shows up most often in health-system fleets. Each pattern is supported by features in PowerArchiver Professional or Toolbox.

Workflow	PowerArchiver feature	Compliance angle
Encrypted PHI email attachments	Outlook add-in + AES-256 PAE2	HIPAA Security Rule technical safeguard
Billing clearinghouse / payer SFTP exchange	Secure FTP/SFTP with FIPS 140-2 TLS	Encrypted-in-transit per BAA standard
Departmental file-share backup	PowerArchiver Backup (VSS + scheduling)	HIPAA Contingency Plan / data backup
Clinical-research dataset archiving	PA proprietary codec with deduplication	FIPS 140-2 for federally-funded research
End-of-life workstation sanitization	DoD 5220.22-M file wipe	HIPAA media-disposal safeguards
Audit-pull encrypted archives	OpenPGP signed archives + tamper detection	Integrity controls for HIPAA / Part 11
External vendor data handover	SFX self-extracting archives + AES-256	BA-to-BA exchange under HIPAA BAA terms

For specific HIPAA risk-assessment language referencing PowerArchiver as the technical control, or for the full FIPS 140-2 certificate package for your audit binder, contact us.

Procurement

Talk to us about your hospital, IDN, or research org

GPO / IDN volume pricing supported. BAA available for covered-entity buyers. We'll model volume Business / Professional / Toolbox vs. Enterprise Unlimited side-by-side — Enterprise is typically the right tier when HIPAA audit documentation or FIPS validation paperwork is required.

Request a quote View Enterprise tiers

Email: ordering@conexware.com

Phone: 1-888-302-8800

Office: ConeXware, Inc. · 11654 Plaza America Dr. #350 · Reston, VA 20190 · USA

Need help?

Get unstuck

🛟

Support

Installation issues, license activation, registration recovery — submit a ticket through the support form and we'll respond within one business day.

Open the support form →

📚

Wiki

Feature documentation, command-line reference (PACL), MSI deployment notes, FAQ archives, and configuration guides for IT.

Browse the Wiki →

🔑

Order Recovery

Lost your license key, need to re-download an old purchase, or want to update billing details? Manage everything from your ConeXware account.

Recover an order →