Is Dropbox HIPAA Compliant?
Feb 11, 2014
For any healthcare professional, the Health Insurance Portability and Accountability Act (HIPAA) has been a constant focus, because its regulations must be followed in order to protect patient information. Many medical staff members may have their own personal Dropbox accounts and may want to use them for work purposes, but whatever system is used, it must live up to HIPAA standards.
Dropbox is a popular consumer-grade solution, but it simply does not have the protection needed to be a HIPAA-compliant cloud storage platform. According to the company, Dropbox does not have HIPAA certifications or services for several other industry compliance regulations. While the vendor continues to work toward gaining an enterprise-based audience, cloud encryption and other security measures will need to be added to protect sensitive assets.
Healthcare IT News noted that in order to ensure the protection of health information, the organization must have Dropbox sign a business associate agreement (BAA). However, the provider has not been inclined to do so. If Dropbox were to comply with the document, it would be taking responsibility for following HIPAA standards, which it still does not support.
“We had researchers who were in two different countries and wanted to collaborate on their research project using Dropbox, and they were told, ‘Here’s the BAA, send it out to Dropbox and see if they’ll sign it,’” said Stephanie Musso RN, privacy officer at Stony Brook University Hospital. “The answer came back, ‘Absolutely not.’”
Rather than going through the red tape involved with Dropbox, healthcare organizations can easily invest in an enterprise-grade solution that has the features they need to remain HIPAA compliant. With security tools like cloud encryption and HIPAA-compliant cloud storage solutions such as Memeo C1, staff will be able to use their system effectively and collaborate with their peers without the hassle of Dropbox limitations.