Can I use Dropbox for storing healthcare data?

May 15, 2012

First of all, I’m a great fan of Dropbox.  It’s easy to use, fast, runs on Windows, Mac and Linux  and that means you can share files with colleagues and patients for consultations because that old assumption (that a lot of vendors still make by the way) that everyone is on Windows just isn’t true these days.  People have Windows 7, Mac, Ubutu 12.04, Android smart phones, iPads and they all run Dropbox.
When you have multiple Dropbox clients configured, your files will be instantly synchronized between all your devices when they come online. I use it daily to exchange files between my Android phone, Android tablet and Ubuntu desktop. Any change performed in the monitored folder is immediately synchronized with the other devices. My colleague Sharon, who has an iPad3 and a iMac, is synchronized with me and we can quickly exchange files regarding cases we are working on together especially leading up to our weekly review meeting.

Dropbox – public by design

Dropbox is easy but is it private?  The short answer is that you should not store PHI (protected health information on Dropbox – since they share data with third party applications and service providers, but the real reason is you should not use Dropbox for sharing healthcare information with patients is simply that it is not private by design.  Everyone who shares a folder in your dropbox sees all the files in the dropbox.
From the Dropbox Privacy policy:

We may collect and store the following information when running the Dropbox Service:
Information You Provide.   When you register an account, we collect some personal information, such as your name, phone number, credit card or other billing information, email address and home and business postal addresses.
Personal Information.   In the course of using the Service, we may collect personal information that can be used to contact or identify you (“Personal Information”). Personal Information is or may be used: (i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to better understand your needs and interests, (iv) to personalize and improve your experience, and (v) to provide or offer software updates and product announcements.
Service Providers, Business Partners and Others.   We may use certain trusted third party companies and individuals to help us provide, analyze, and improve the Service (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features). These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.
Third-Party Applications.   We may share your information with a third party application with your consent,
Data retention. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Privacy of healthcare information by design

If you want to have complete control and privacy of data that you share with patients, you need a controlled, private social network for healthcare that ensures no overlap between patients and no overlap between physician networks.  This is privacy by design.

More Articles