HIPAA and HITECH regulations with Dropbox

Dropbox makes it easy to adopt the digital and technical tools that help enable your business to be HIPAA and HITECH compliant.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) rely on technology for security and privacy in healthcare.

Who’s affected by HIPAA/HITECH compliance

Hospitals, doctor and dental offices, chiropractic clinics and those who interact with protected health information (PHI) may be subject to HIPAA/HITECH.

Adopting best practices for HIPAA and HITECH

Dropbox makes it as easy as possible to keep your account secure and meet legal requirements.

While it's up to you to comply with your regulatory obligations, Dropbox has a framework of recommendations to help keep your data safe and your accounts secured by:

Configuring sharing permissions

Enabling two-step verification

Disabling permanent deletions

Signing a Business Associate Agreement (BAA) with Dropbox

Understanding the role of third-party apps

Strengthen the security of your PHI

There is a robust ecosystem of third-party apps that you can link to your Dropbox Business account to gain added functionality. Integrations that provide services such as SIEM, DLP and identity management can be powerful tools in strengthening your existing security practices.

Streamline HIPAA Compliance

Security information and event management (SIEM)

Oversee and manage employee activity and access to sensitive data.

Data loss prevention (DLP)

Protect sensitive data like PII and PCI stored in your Dropbox Business accounts.

Identity management

Keep your Dropbox Business team authenticated with an external identity provider like Active Directory.