Does Dropbox enable HIPAA compliance?

When it comes to sharing or storing files online, Dropbox is king. By 2018, the file service had 500 million users, including 11.5 million paid users. But should your business use Dropbox?

The short answer is maybe — if you take the right steps. If your organization is a HIPAA-covered entity, you need to be careful when transmitting patient information.

Even large corporations have run into problems with HIPAA compliance. Recently, Google created a program to help healthcare systems predict the risks and benefits of giving certain treatments to patients based on their information.

Following HIPAA standards is essential to protecting your business from financial and legal problems. So does Dropbox enable HIPAA compliance? Or is it better for your business to stay away?

Can Dropbox be used in a HIPAA-friendly manner?

Dropbox has stated that it is willing to sign a BAA with HIPAA-covered entities. Dropbox also offers account settings that help companies follow HIPAA’s standards. You can limit who accesses protected health information (PHI) and monitor how PHI is used. Taking advantage of these features can protect your business from expensive fines and legal problems.

HIPAA violations are costly. One medical center got hit with a $3 million fine for losing patients’ information. An investigation found that the center failed to install encryption features on devices that held patient data. How can you prevent your business from falling into this trap?

Using Dropbox correctly may protect you from legal problems while allowing you to take advantage of Dropbox’s services. How can you configure your Dropbox account so it can be used in a way that helps with HIPAA compliance?

How can companies use Dropbox correctly?

To avoid HIPAA violations, you need to ensure that your organization’s Dropbox account is legally compliant. Here are some tips for setting up your business’s Dropbox account:

• Set up your account before you transfer any PHI. Be HIPAA-friendly before you start uploading patient data. This prevents data breaches and legal trouble.
• Create a paid Dropbox account. Dropbox will apparently only sign a BAA if you’re a paid user.
• Sign a BAA with Dropbox. Dropbox will apparently sign a BAA if you use Dropbox Business, Education, or Enterprise, but not Dropbox Paper. You can sign a BAA on your admin page.
• Install security features. You have to restrict who can access, send, and receive files on Dropbox. Two-step verification can ensure that data is available only to those who are supposed to receive PHI.
• Disable permanent deletion. HIPAA requires that patients be given a copy of their medical records upon request.
• Monitor who’s using Dropbox and how they’re using it. Limiting access will only go so far. Have your admin check up on your Dropbox account routinely and make sure no one’s accessing PHI when they don’t need to.
• Beware of third-party apps. Third-party apps can add better security and functionality to your Dropbox account. However, they aren’t covered under Dropbox’s BAA, and they may not follow HIPAA standards. Research any third-party apps before you use them to help they comply with HIPAA.

Dropbox provides an important service for many businesses. Thankfully, your business can benefit from Dropbox too. Configuring your account correctly protects you from legal trouble and allows you to use a service that’ll improve your patient care.

Don’t drop Dropbox from your healthcare organization

Nobody wants to make it harder to provide great healthcare. Sending and storing files online helps healthcare providers coordinate and improve their care. Setting up your Dropbox account can make it easier to provide excellent patient care while following HIPAA’s strict regulations.