3 Reasons Why Dropbox is NOT Secure for DICOM Medical Imaging Storage
If you’ve ever thought of sharing medical images or any other Protected Health Information (PHI) using Dropbox you are not alone. Dropbox is one of the most popular file sharing services and is on millions of desktop computers around the world. Of course HIPAA makes healthcare professionals shake in their boots when they consider whether Dropbox, or any other file sharing system, meets the HIPAA privacy test. But there is way more that you should consider before using file sharing for your medical images.
Reason #1 Medical Images are Enormous Files
The first reason to avoid Dropbox for medical image storage is both a security as well as a usability issue. Medical images are some of the densest and largest files that physicians work with. These files, which can be as large as several gigabytes, take up a significant amount of storage and bandwidth to transmit. When you load a file to Dropbox, it actually transmits these files among all the devices that you have linked to your account. If you are not careful, this private health information can end up on unintended devices. Besides, the last thing you want to be doing with files as large as medical images is physcially replicating them among all your devices including your smart phone or tablet. Most of us would prefer to keep that storage space open for more important things like photos of our kids, dogs or latest vacation. The transfer also sucks up bandwidth and if you are paying for data on your mobile phone network, this can cost you a significant sum.
Reason #2 Dropbox is NOT HIPAA Compliant
Dropbox itself is not HIPAA compliant. As a result they will not sign a Business Associates Agreement (BAA) that is generally required of a third party cloud provider. There are some add-in products that work with Dropbox files that allegedly will comply with HIPAA, but you are still subject to these files being copied to all sorts of devices that may get lost or end up in the wrong hands - furthering your compliance risks.
Reason #3 Do You Even Know Who You are Sharing Files With?
If you are a Dropbox user, perhaps you have shared a file or a directory with a third party. If you are like many other Dropbox users, you may have forgotten who you have shared a specific file with. Thus copying additional documents, potentially with Protected Health Information in them, to these shared files could be a disaster.
Dropbox has no audit trail for where your files have traveled. Without this, you are subject to your own faulty memory or ensuring your security controls are always current to avoid transmitting protected information to someone without the appropriate privilege to receive this information. And there is virtually no way to recapture your secure files should they get into the wrong hands.
So if Dropbox isn’t the Answer, What About the Old Standby: CDs or DVDs?
Of course you could revert back to copying patient images onto CDs or DVDs. But we all know how burdensome and time consuming copying these large DICOM files can be. The propensity to copy incorrect data or damage the physical disk adds to the anxiety and expense of this process. Even worse, should these discs get into the wrong hands through loss, human error or just plain negligence, you again can risk a HIPAA violation.
The Optimal Way to Share Medical Images is in a Purpose-Built Cloud
Purpose-built cloud storage and sharing of medical imaging puts security, ease-of-use and audit tracking at the forefront. Purview offers just such a cloud medical imaging platform. With Purview ViVA your medical images are copied once to the cloud using a secure encrypted protocol. They are stored behind the appropriate electronic protections in our data center and are not copied or downloaded when referred to other physicians or even patients. When a physician or patient with appropriate secure credentials wants to access an image, they simply get a window into this storage while the image remains safely locked away. In this way, your PHI is maintained in a secure environment, yet available on demand, anywhere, anytime on any device.
A complete audit trail provides a bread-crumb track of who and when medical images are viewed.
Even when HIPAA is not required, as with Veterinarians or countries not covered by this or similar regulations, we find the simplicity and cost of sharing and accessing medical images alone is worth using Purview ViVA.
A current Purview client even went so far as to say:
“Gone are the days of using Dropbox, Wetransfer and shipping CDs to share our medical imaging. Purview enables me to easily send our CT scans to other clinics, saving valuable time every day,” said Dr. Guillaume Combes of Anovet located near Normandy, France.
Purview ViVA has served physicians and Veterinarians around the globe with secure, cloud-based access and sharing of medical images for over ten years. So perhaps a better question to ask yourself than, "Is Dropbox secure for DICOM medical imaging storage?" would be, "How do I learn more about safe, secure and easy-to-use alternatives?"
To Learn More About Purview's Alternative to Dropbox, Watch our ViVA Demo Today: