Q&A: Using file sharing services

Q: Is sharing a file from our office’s Dropbox with a specialist considered HIPAA compliant without additional encryption?

A: Yes, as long as your office has executed a BAA with Dropbox. Dropbox is willing to execute a BAA and claims to be HIPAA compliant.

Editor's note: This question was answered by Chris Apgar, CISSP, for Briefings on HIPAA. Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.