Not until you have a business associate agreement in place with the company.ĭropbox will sign a BAA with HIPAA covered entities – but to avoid violations, this must be obtained before you upload any file containing PHI to a Dropbox account. The Department of Health & Human Services (HHS) mandates that a covered entity may use a cloud service provider (CSP) to store or process PHI, provided the entity “enters into a HIPAA-compliant business associate contract or agreement (BAA) with the CSP that will be creating, receiving, maintaining or transmitting electronic protected health information (ePHI) on its behalf and otherwise complies with the HIPAA rules.” Business associates are therefore subject to HIPAA rules. In addition, in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act extended HIPAA’s requirements to include a covered entity’s business associates.Ī business associate is any service provider that has access to the PHI of a covered entity. healthcare providers, plans and clearinghouses – must implement adequate safeguards to preserve the confidentiality, integrity and availability of healthcare data. Under HIPAA’s Security Rule, HIPAA covered entities – i.e. The Health Insurance Portability and Accountability Act has strict requirements regarding the storage of PHI. HIPAA Requirements for File Hosting Services
That said, it is possible to make use of Dropbox as a file storage and sharing system and avoid HIPAA violations – but it does require careful configuration.
IS DROPBOX SECURE SHARE HIPAA COMPLIANT SOFTWARE
Out of the box, Dropbox isn’t HIPAA-compliant by design – no software is, in fact, as it all depends on how that software is used. It’s one of the most widely-used cloud-based file storage and sharing services – but is Dropbox HIPAA-compliant? It’s an important question that all healthcare providers and other organizations that deal with protected health information (PHI) need to ask before using Dropbox at their practice.
0 kommentar(er)
