{"id":935,"date":"2021-08-10T09:36:00","date_gmt":"2021-08-10T09:36:00","guid":{"rendered":"https:\/\/www.123formbuilder.com\/wp-blog\/?p=935"},"modified":"2022-12-20T08:51:19","modified_gmt":"2022-12-20T08:51:19","slug":"is-dropbox-hipaa-compliant","status":"publish","type":"post","link":"https:\/\/www.123formbuilder.com\/blog\/is-dropbox-hipaa-compliant","title":{"rendered":"Is Dropbox HIPAA Compliant?"},"content":{"rendered":"\r\n

Dropbox is one of the leading file sharing and storing services currently on the market. As of writing this, it has\u00a0700 million users<\/a>\u00a0and its revenue for 2020 was $1.914 billion. Many businesses and organizations worldwide use Dropbox, and that includes HIPAA-covered entities.<\/p>\r\n\r\n\r\n\r\n

Medical organizations need to be careful when\u00a0choosing a file sharing<\/a>\u00a0and\u00a0storing service<\/a>\u00a0as they need to find a provider that will help them stay HIPAA compliant. If you want to keep your business away from legal and financial problems, you need a safe and trustworthy provider.<\/p>\r\n\r\n\r\n\r\n

So is Dropbox HIPAA compliant? Let\u2019s take a closer look.<\/p>\r\n\r\n\r\n\r\n

Healthcare Vendors and BAA<\/h2>\r\n\r\n\r\n\r\n

Since healthcare providers are covered entities under\u00a0HIPAA regulations<\/a>, they are responsible to comply with all HIPAA rules and ensure the accessibility and protection of all health information. And since HIPAA regulates how PHI is used, accessed, and transferred, it\u2019s relevant for file sharing and storing.<\/p>\r\n\r\n\r\n\r\n

If a covered entity works with a third party that encounters PHI in any way, that third party is known as a business associate. All business associates need to sign a business associate agreement (BAA). This agreement ensures that both parties understand and follow all HIPAA rules and regulations.<\/p>\r\n\r\n\r\n\r\n

So, the first condition Dropbox needs to meet to be HIPAA-compliant is to offer BAAs to any covered entity that requests one. And while users of the free version of Dropbox aren\u2019t offered a BAA, paid users can ask for a BAA and get one without any issues.<\/p>\r\n\r\n\r\n\r\n

Is Dropbox HIPAA Compliant?<\/h2>\r\n\r\n\r\n\r\n

Yes, Dropbox is HIPAA compliant. You\u2019ll be happy to know that if you set up your account correctly and choose the paid version of Dropbox, the service will meet all HIPAA regulations. As we already stated, Dropbox is willing to sign a BAA with any HIPAA-covered entity that purchases the paid version of their service.<\/p>\r\n\r\n\r\n\r\n

HIPAA violations shouldn\u2019t be taken lightly. Medical centers can be fined up to millions of dollars for breaking HIPAA regulations, have their entire organization investigated, and even shut down. And not to mention that if you break these regulations, you will also lose your patients\u2019 trust.<\/p>\r\n\r\n\r\n\r\n

Companies that need to follow HIPAA standards can easily do that through Dropbox\u2019s settings. You can monitor how PHI is used, limit who can gain access to it, and take advantage of other useful features that will help you avoid any legal problems and expensive fines.<\/p>\r\n\r\n\r\n\r\n

But Still\u2026<\/h2>\r\n\r\n\r\n\r\n

When asking the question\u00a0Is Dropbox HIPAA compliant<\/em>, we also need to take into consideration that it\u2019s still a digital tool. And like many other tools, it collects metadata about its users. They gather this metadata based on user interactions with the system and over time, create a general map of their use.<\/p>\r\n\r\n\r\n\r\n

Since the contents of this collected metadata get scraped automatically, you can\u2019t be completely sure if Dropbox keeps any PHI information that you didn\u2019t encrypt. And since metadata isn\u2019t protected by a BAA, this is the only thing that might make us question if Dropbox truly is HIPAA-compliant.<\/p>\r\n\r\n\r\n\r\n

How to Use Dropbox to Remain Compliant<\/h2>\r\n\r\n\r\n\r\n

The simplest answer to the question\u00a0Is Dropbox HIPAA-compliant<\/em>\u00a0is yes, but only if you follow these steps:<\/p>\r\n\r\n\r\n\r\n