Dropbox announced at the Dropbox Open event that their business product is now HIPAA compliant. Dropbox Business is a business version of the consumer file sync product. Dropbox announced that they will sign a HIPAA Business Associate Agreement (BAA) for the Dropbox Business product.
Dropbox now supports HIPAA-regulated businesses
Big news for companies that handle Protected Health Information (PHI): We’re now signing Business Associate Agreements (BAAs) to help customers meet HIPAA and HITECH Act compliance obligations. A BAA signifies we’re taking steps to protect PHI, keeping this data secure and private.
This is good news for organizations that want to use Dropbox. It is important to point out that the consumer version of Dropbox is NOT HIPAA compliant, and Dropbox will not sign a HIPAA BAA for users of the Dropbox consumer product. What is not clear is how the Dropbox Business and Dropbox Consumer products work together. If an organization is using Dropbox Business and is able to share with Dropbox Consumer, then Protected Health Information (PHI) could move from Dropbox Business to Dropbox Consumer, which could cause issues with HIPAA compliance.
Dropbox is light on details at the moment, but it is safe to assume that they will fill in the blanks shortly. This is a big step for Dropbox. We have many clients that want to use Dropbox for patient information / PHI. With this announcement, they may be able to in the near future.