
Guest Blog: Maintaining HIPAA Compliance with Dropbox

I am still traveling this week, and we are running another guest blog. This is from our friends at Sookasa. They have a great, HIPAA compliant file sharing service. On to the blog:

A doctor looks up at the departure board in the airport and sees that his flight has been delayed, again. He gets up for a quick cup of coffee, leaving his luggage and laptop bag behind. He’s gone for only a couple of minutes, but when he comes back and sees the computer missing, his heart sinks.

He hasn’t just lost his machine. The computer was full of patient records, downloaded from a cloud file-sharing site, and none of them are protected. In the two or three minutes it took to get a coffee, the doctor has exposed his organization to an enormous potential liability.

The scenario isn’t uncommon. New HIPAA HITECH regulations require healthcare organizations to report to the U.S. Department of Health and Human Services any time an employee loses or accidentally shares information about 500 or more individuals at one time. In such cases, healthcare organizations can not only be fined up to $1.5 million but can also face civil suits over the privacy breach. With 12,000 laptops stolen each week at U.S. airports alone, it’s not surprising that more than 60 percent of reported HIPAA violations are the result of lost or stolen devices.

The problem is exacerbated by cloud sharing services, where a single device can be synchronized to thousands of files containing protected health information. Increasingly, professionals in all industries rely on file-sharing sites like Dropbox to share documents across their organizations. These services do a good job of safeguarding patient files while the data sits on their servers, but they have no way of protecting the documents once they’re downloaded to a device.

Here are three ways that cloud file-sharing services like Dropbox and Box create new risks and challenges for healthcare organizations attempting to maintain HIPAA compliance:

1. Syncing – File-sharing services allow professionals to sync thousands of files containing protected health data onto their personal, unencrypted laptops or mobile devices. Theft or exposure of these devices can cause a massive HIPAA breach.

2. Unintentional Sharing – Some HIPAA breaches occur when people using Dropbox or Box simply type in the wrong contact information, accidentally sharing thousands of patient files with the wrong person.

3. Lack of Auditing – To ensure HIPAA compliance while using Dropbox or Box, healthcare administrators must be able to track who opened which files on what devices. However, most file-sharing services only provide auditing for files while they’re stored in the cloud, and even then, these audits don’t necessarily meet HIPAA requirements.

Cloud applications and mobile file access provide significant productivity gains by allowing employees to access files from anywhere, synchronize their data across disparate locations, and share and collaborate seamlessly with colleagues. And yet, the challenges surrounding HIPAA compliance are causing some healthcare organizations to consider banning the services.

Sookasa presents a solution. The Sookasa Cloud Compliance Service provides a complete compliance “shield” around files stored on Dropbox, converting the files into HIPAA safe havens – even when the documents are downloaded onto new devices.

Here’s how it works: Sookasa encrypts, audits, and controls access to files anywhere they go. Only trusted users can open the documents, so there’s no risk of an employee accidentally sharing information with unauthorized third parties. Sookasa also allows administrators to revoke access to any user or device, meaning patient data can be blocked, even if a device is lost or stolen.

Sookasa also allows organizations to monitor access to their data and generates audit trails that show who accessed and changed any file. That makes it possible to prove no unauthorized parties have viewed sensitive data on a lost device.

Cloud applications are here to stay, and their use among healthcare practitioners is bound to increase. With Sookasa, healthcare organizations can ensure their transition to the cloud is a safe and smooth one.

By: Asaf Cidon
