What is HIPAA/HITECH?
HIPAA/HITECH refers to two laws:
- The Health Insurance Portability and Accountability Act (1996)
- The Health Information Technology for Economic and Clinical Health Act (2009)
These laws aim to encourage the proliferation of technology in the healthcare industry while building protections for the security and privacy of health information. Organizations like hospitals, doctors' offices, and dental practices, as well as individuals who interact with protected health information (PHI), may be subject to HIPAA/HITECH. This may also extend to companies that work with these businesses and come into contact with PHI on their behalf.
HIPAA/HITECH key terms
Protected Health Information (PHI)
Individually identifiable information that relates to someone's past, present, or future:
- Medical or psychological condition
- Provision of medical service
- Payments for medical service
Covered entity
A covered entity is a health plan, health care clearinghouse, or health care provider. These categories include hospitals, clinics, doctors, and others who create, receive, or transmit PHI. Because of their contact with PHI, covered entities are responsible for the privacy and security of that information under HIPAA/HITECH.
Business associate
A business associate is an entity which creates, receives, maintains, or transmits PHI on behalf of a covered entity and is therefore also subject to HIPAA/HITECH rules.
Business associate agreement (BAA)
A BAA is a contractual assurance from the business associate to the covered entity that they follow HIPAA's requirements. This agreement must be in place before the transfer of PHI from the covered entity to the business associate.
Is Dropbox HIPAA/HITECH Certified?
There is no official HIPAA/HITECH certification. To help you understand how we're meeting our responsibilities and requirements under HIPAA/HITECH, you can go to our Dropbox Trust Center. This provides prospective and existing customers with self-serve access to essential security, reliability, privacy, and compliance documentation. You can find everything you need to know in a convenient, centralized location.
How to access the Dropbox Trust Center