Medical Billing Forum
HIPAA => HIPAA => : PMRNC January 26, 2013, 02:07:48 PM
-
I don't use Dropbox, but I know many who do.. well, you might want to rethink it:
Is Dropbox HIPAA, FERPA, SAS 70, Safe Harbor, ISO 9001, ISO 27001, or PCI compliant?
Dropbox complies with the U.S. – E.U. Safe Harbor Framework and the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.
Unfortunately, Dropbox does not currently have HIPAA, FERPA, SAS 70, ISO 9001, ISO 27001, or PCI certifications. We'll update this page with any new certifications as we receive them.
https://www.dropbox.com/help/238/en
-
Wait, people use Dropbox in the Healthcare field? The first thing anyone should be checking before using any cloud service is if they're equipped to handle the Healthcare field.
-
Yes, I've heard of people using them and other backup providers such as Carbonite. I myself use eFax; however, they have a HIPAA security version for which they charge extra. :)
-
http://www.carbonite.com/en/Files/Carbonite-HIPAA-fact-sheet.pdf
What's wrong with Carbonite?
-
That's crazy and very dangerous. Here is the thing: there is a huge difference between a company saying they're HIPAA compliant and them being willing to actually sign the BAAs with doctors, billing co's, insurance, etc. Meaning they're willing to shoulder the blame if their cloud service isn't up to snuff. I don't want just certification, I want the BAA too. There are tons of companies who are now doing this since Verizon and Microsoft now offer a BAA with their cloud services. Many weren't and still aren't, and I personally stay away from them. We use Verizon's cloud service but plenty of my clients use Microsoft's.
-
Carbonite is fine, I was only using them as an example: According to Carbonite they are HIPAA compliant:
Business Associates: A business associate agreement is not required with Carbonite. These agreements are between covered entities where there is a reasonable probability that protected health information can be accessed. The self-managed encryption key specifically blocks Carbonite from accessing backed up data.
I MIGHT ask them to sign a BAA anyway though.. just a suggestion :)
-
:) Yep, I always sign BAAs! You ladies rock!
-
I have been using Carbonite for a year now and like it.
-
Now I am using Carbonite for backup. Previously I was using Dropbox, but trust me, Carbonite is better.
-
I like Carbonite too. Every once in a while I go in and make sure it's doing its "thang". I keep all my clients' files on a spare drive and do NOT have Carbonite back that up; rather, I do that manually as it's just a layer of security to ease my own paranoia. If you are using any backup system online, remember that you are backing up what you have, so let's say you have adware/spyware/malware on there.. guess what.. now it's on your backup AND out there. I have my system maintenance scheduled before my backup JUST in case. I do a full system scan (spyware, virus, etc.) and then it runs backup. Just thought I would add that.
-
Yes, I have been using Carbonite.
-
Carbonite is very useful if you need to use it have all medical requirements
-
It's interesting that you bring this up, as I just had a discussion on using Trello for workflow = https://trello.com.
In case anyone is wondering, Trello doesn't seem to be HIPAA compliant: https://community.atlassian.com/t5/Trello-questions/Is-Trello-HIPAA-compliant/qaq-p/461876