Dropbox now supports HIPAA and HITECH Act compliance


Published on November 06, 2015

Update (April 10, 2019): Dropbox Paper can now be used as part of your HIPAA/HITECH compliance strategy. You can enable it by visiting the Settings page in your admin console and navigating to the Paper page.

Update (May 26, 2017): If your team has signed a HIPAA business associate agreement with Dropbox, you will not have access to Paper. We don’t currently offer HIPAA compliance support for Paper.

Update (February 23, 2016): If you’re a Dropbox Business team admin, you can now sign a BAA electronically from the Account page in the Admin Console.

Whether the standards are widely accepted or up-and-coming, we’re dedicated to supporting our customers’ compliance needs. So we’re happy to share some exciting news: Dropbox now supports HIPAA and HITECH Act compliance for our customers. It’s an important milestone that allows businesses in the healthcare, pharmaceutical, and insurance industries to use Dropbox to work smarter.

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) were designed to spread the use of technology in the healthcare industry. At the same time, the two acts aim to keep health information secure and private. HIPAA/HITECH typically applies to organizations like hospitals, doctor's offices, and other businesses that handle Protected Health Information (PHI). This often extends to companies that work with these businesses and come into contact with PHI on their behalf.

If you’re a customer subject to HIPAA/HITECH regulations, we’ll now sign a Business Associate Agreement (BAA) with you. Under a BAA, we’re committed to taking certain steps to help you safeguard Protected Health Information (PHI).

We’re also committed to doing our part to help customers integrate Dropbox into their compliance strategies. Upon request, we’ll provide a mapping of our internal practices and recommendations for customers who are looking to meet the HIPAA/HITECH Security and Privacy Rule requirements with Dropbox Business. And to help you configure best practices for your Dropbox deployment, we’ve put together a Getting Started with HIPAA guide.

If you’re an existing customer looking to expand Dropbox to parts of your business that handle PHI, contact your account management team. Not yet a customer? Contact our sales team. And be sure to check out our Help Center, or visit our Trust Guide to learn more about Dropbox Business standards and regulations compliance.