Gazelle Consulting

Is Dropbox HIPAA Compliant?

Dropbox E3 and E5 accounts meet a variety of certification and regulation criteria that enable them to be configured in a HIPAA compliant manner. These configurations are not a part of the default setup. Make sure everyone on your team knows how Dropbox fits into your procedures while conforming to HHS HIPAA security requirements.

Encrypt PHI Stored on Dropbox

To make sure the PHI you store on Dropbox is encrypted, you will have to decide on the answers to some questions. Dropbox will allow you to store files containing unencrypted PHI, so remember to encrypt your documents before uploading them to Dropbox storage. Here are some encryption decision questions to get you started.

  • Have you decided how you will encrypt PHI stored at rest while it is on Dropbox’s servers?
  • Is your team trained on how to use software to manually encrypt files containing PHI?
  • Do you have the resources in-house to set up and administer an integrated encryption solution?
  • Who will be responsible for managing encryption keys?

Manual Encryption Options

Good no-cost software options for manually encrypting your files include VeraCrypt and DiskCryptor. Paid services like AxCrypt have even more features to help you manage encrypted file access, including robust key sharing features, password management, backup keys, mobile support, file wiping and more.

Built-in Encryption Options for Dropbox

Use a service like BoxCryptor to automatically encrypt all files before they are uploaded to your account. Dropbox has provided a Business and HIPAA/HITECH overview for customers looking to meet HIPAA requirements.

Will Dropbox Sign a Business Associate Agreement?

Yes, Dropbox will sign a Business Associate Agreement with E3 and E5 users. Dropbox recommends that prospective users contact their sales team to get their account and BAA set up right. For existing Dropbox Business E3 and E5 accounts, account administrators can sign a BAA electronically from the Account page in the Dropbox Admin Console.

Deciding if Dropbox is HIPAA Compliant for You

When evaluating Dropbox for HIPAA compliance, consider your existing security management process. Any software that stores or transmits PHI should be able to encrypt data, enforce role authorization, enable secure encryption key management, track user activity, and provide any other features that support your HIPAA compliance processes.

If you have any questions about whether Dropbox is the right file hosting service to support your healthcare services, send Gazelle Consulting a message today or call 503-389-5666.
