Saturday, April 28, 2012

Dropbox for iOS and Android: A great way to share files, but is it secure enough for health professionals?

I recently installed dropbox on several of my devices (Android tablet, iPhone, Dell Windows 7 laptop and Macbook pro).

I was immediately amazed at how easy it became to share files (e-books, PowerPoint presentations, documents, videos etc.) to all my devices and my colleagues. I could now download a few articles at home, put them in my dropbox and read them on the train on my way to work. No more need for my usb memory stick and no more headaches when trying to get files on my iPad or iPhone.

I was left with one question. What about the  privacy and confidentiality settings. I have always been cautious when using cloud base services because I am hesitant about letting others safeguard my confidential information.

Unfortunately Dropbox is not currently HIPAA compliant, but I was surprised to see that it was sensitive to the issue. Further diligence should be exercised when using mobile devices as well. As is described in their Security overview page "Your files are sent between Dropbox’s mobile apps and our servers over a secure channel using 256-bit SSL encryption where supported. Not all mobile media players support encrypted streaming, so media files streamed from our servers are not always encrypted".

Overall, I am happy with Dropbox. It will help my colleagues and I share non confidential information easily and help us increase productivity. You may be interested in how Dropbox compares to competitors such as Microsoft (SkyDrive) and Google (Google Drive) on proprietary matters. Here is a legal commentary on who owns your data by John Halton and Kathryn Leslie.

If you want to try Dropbox [Click here] - It's free and very easy to use.
Sylvain Roy, Ph.D
Join me on LinkedIn
Follow us on Twitter @ PsychMobileTech


  1. The other item to setup on mobile devises and laptops with PHI is encryption. This is not available on many devices. And requires add on software for most laptops.

    Without encryption a lost or stolen device is a reportable loss of PHI.

  2. These services are simply not designed for high security. So I'd be careful about using them for major health info database applications.

    That said, they are still useful. If you are writing letters about clients in the office and at home, Dropbox is as secure as the flash drives you are already using. Encrypt the files using software on your own machines, and the data in the cloud will be reasonably secure.

    The question is not about HIPPA certification, it's about your level of diligence in your day-to-day routines.


  3. Hi Steve - the IT guys and I are always talking about the issue. Bitlock on mobile devices will be a great feature. I'm sure we will see it some day. Paul, diligence is always a must, and like you I probably would not store my neuropsych test data on there. Thanks for your input.

  4. INtereseting discussion. How do I encrypt documents before 'dropping' them into drop box?

  5. I always password protect documents. It's one first layer of protection.