Hello - I have been using Dropbox for decades. My subscription is the $119 per year 2T plan. I am a psychotherapist and have been under the impression that my storage is HIPAA compliant and secured. However, now I am concerned that I misunderstood and that I have to upgrade my plan in order to ensure that it is secured. Please advise me on what to do to make sure I am in compliance.

cpizzulli wrote: My subscription is the $119 per year 2T plan. I ... have been under the impression that my storage is HIPAA compliant and secured. Individual and Family plans (Basic, Plus, Family, Professional, Essentials) are not HIPAA compliant. Only the Business team accounts are HIPAA compliant. https://www.dropbox.com/business/trust/compliance/HIPAA https://www.dropbox.com/business/plans-comparison#all-features

Ok so if I just upgrade to the business essentials plan I will be compliant?

Hey cpizzulli, I hope you're doing well! Are you referring to simply being HIPAA compliant, or about BAAs too? I'm asking because Dropbox supports HIPAA compliance and signs Business Associate Agreements (BAAs) with Dropbox team customers who require them as part of their HIPAA/HITECH obligations. To help you understand how we’re meeting our responsibilities under HIPAA/HITECH, you can request a mapping of our internal practices and recommendations for customers who are looking to meet the requirements of the HIPAA/HITECH Security and Privacy Rules with Dropbox team. You may also want to take a look at our “Getting Started with HIPAA” guide, which has tips for configuring your account once you’ve signed a BAA with Dropbox. If you're looking for something different, please let me know!

Hello, Megan - I am inquiring about both - I will need a signed BAA. But as you can see from the first reply to my question, I am concerned also that my individual plan is not secure. Please clarify.

cpizzulli wrote: I will need a signed BAA. But as you can see from the first reply to my question, I am concerned also that my individual plan is not secure. Please clarify. You'll need to be on a Business team account in order to get a signed BAA. Your current individual plan is not HIPAA compliant. https://help.dropbox.com/account-settings/business-associate-agreement

How to make sure I have the right plan in order to be HIPAA compliant?

Rich
Super User II
8 months ago
cpizzulli wrote:

My subscription is the $119 per year 2T plan. I ... have been under the impression that my storage is HIPAA compliant and secured.

Individual and Family plans (Basic, Plus, Family, Professional, Essentials) are not HIPAA compliant. Only the Business team accounts are HIPAA compliant.

https://www.dropbox.com/business/trust/compliance/HIPAA

https://www.dropbox.com/business/plans-comparison#all-features
- cpizzulli
  Explorer | Level 4
  8 months ago
  Ok so if I just upgrade to the business essentials plan I will be compliant?
Megan
Dropbox Staff
8 months ago
Hey cpizzulli, I hope you're doing well!

Are you referring to simply being HIPAA compliant, or about BAAs too?

I'm asking because Dropbox supports HIPAA compliance and signs Business Associate Agreements (BAAs) with Dropbox team customers who require them as part of their HIPAA/HITECH obligations.

To help you understand how we’re meeting our responsibilities under HIPAA/HITECH, you can request a mapping of our internal practices and recommendations for customers who are looking to meet the requirements of the HIPAA/HITECH Security and Privacy Rules with Dropbox team.

You may also want to take a look at our “Getting Started with HIPAA” guide, which has tips for configuring your account once you’ve signed a BAA with Dropbox.

If you're looking for something different, please let me know!
- cpizzulli
  Explorer | Level 4
  8 months ago
  Hello, Megan - I am inquiring about both - I will need a signed BAA. But as you can see from the first reply to my question, I am concerned also that my individual plan is not secure. Please clarify.
  - Rich
    Super User II
    8 months ago
    cpizzulli wrote:
    
    I will need a signed BAA. But as you can see from the first reply to my question, I am concerned also that my individual plan is not secure. Please clarify.
    
    You'll need to be on a Business team account in order to get a signed BAA. Your current individual plan is not HIPAA compliant.
    
    https://help.dropbox.com/account-settings/business-associate-agreement

Forum Discussion

How to make sure I have the right plan in order to be HIPAA compliant?

About Security and Permissions

Need more support

Related Content

Re: Order/sorting of folders and files in our subfolders changed

Is uploading and downloading files to and from Dropbox NIST compliant?

Not Receiving 2FA Email Code in order to access the account.

Files arrangement by order

Dropbox does not order by name correctly

Recent Discussions

Dropbox account seems to have been hacked, how can I proceed?

Delete my account; I've forgotten my password.

Accidentally deleted account. Can it be restored?

Enhancing security for Dropbox folders on shared macOS systems

How safe is Dropbox? Can they access user information?