When it comes to sharing or storing files online, Dropbox is king. By 2018, the file service had 500 million users, including 11.5 million paid users. But should your business use Dropbox?
The short answer is maybe — if you take the right steps. If your organization is a HIPAA-covered entity, you need to be careful when transmitting patient information.
Even large corporations have run into problems with HIPAA compliance. Recently, Google created a program to help healthcare systems predict the risks and benefits of giving certain treatments to patients based on their information. However, Google uploaded so much data so quickly that the Office of Civil Rights began investigating them for HIPAA violations. If Google is found guilty of violating HIPAA, the company could be in for some serious legal trouble.
Following HIPAA standards is essential to protecting your business from financial and legal problems. So can Dropbox comply with HIPAA regulations? Or is it better for your business to stay away?
Is Dropbox HIPAA compliant?
Yes, but you need to set up your account correctly. Dropbox is able to meet every HIPAA regulation for businesses that work with covered entities.
For example, Dropbox is considered a business associate (BA) of HIPAA-covered entities. But you must sign a business associate agreement (BAA) with BAs before you work with them. Dropbox is willing to sign a BAA with HIPAA-covered entities.
Dropbox also offers account settings that help companies follow HIPAA’s standards. You can limit who accesses protected health information (PHI) and monitor how PHI is used. Taking advantage of these features can protect your business from expensive fines and legal problems.
HIPAA violations are costly. One medical center got hit with a $3 million fine for losing patients’ information. An investigation found that the center failed to install encryption features on devices that held patient data. How can you prevent your business from falling into this trap?
Using Dropbox correctly protects you from legal problems while allowing you to take advantage of Dropbox’s services. How can you configure your Dropbox account so it’s HIPAA compliant?
How can HIPAA-compliant entities use Dropbox correctly?
To avoid HIPAA violations, you need to ensure that your organization’s Dropbox account is legally compliant. Here are some tips for setting up your business’s Dropbox account:
- Set up your account before you transfer any PHI. You need to be HIPAA compliant before you start uploading patient data. This prevents data breaches and legal trouble.
- Create a paid Dropbox account. Dropbox will only sign a BAA if you’re a paid user.
- Sign a BAA with Dropbox. Dropbox will sign a BAA if you use Dropbox Business, Education, or Enterprise, but not Dropbox Paper. You can sign a BAA on your admin page.
- Install security features. You have to restrict who can access, send, and receive files on Dropbox. Two-step verification can ensure that data is available only to those who are supposed to receive PHI.
- Disable permanent deletion. HIPAA requires that patients be given a copy of their medical records upon request. This means you can’t delete their files.
- Monitor who’s using Dropbox and how they’re using it. Limiting access will only go so far. Have your admin check up on your Dropbox account routinely and make sure no one’s accessing PHI when they don’t need to.
- Beware of third-party apps. Third-party apps can add better security and functionality to your Dropbox account. However, they aren’t covered under Dropbox’s BAA, and they may not follow HIPAA standards. Research any third-party apps before you use them to ensure they comply with HIPAA.
Dropbox provides an important service for many businesses. Thankfully, your business can benefit from Dropbox too. Configuring your account correctly protects you from legal trouble and allows you to use a service that’ll improve your patient care.
Don’t drop Dropbox from your healthcare organization
Nobody wants to make it harder to provide great healthcare. Sending and storing files online helps healthcare providers coordinate and improve their care. Setting up your Dropbox account can make it easier to provide excellent patient care while following HIPAA’s strict regulations.
There’s more to HIPAA compliance than account settings. You also need to have the right online forms. At JotForm, we offer HIPAA-compliant online forms that make it safe and easy for patients to input their data.