Dropbox at U-M

Service Description 

Dropbox is a cloud-based collaboration and file-storage service that includes cloud storage, tools, and integrations with other services. You can use it to create, edit, share, and collaborate on cloud-based content.

Compliance 

Dropbox at U-M provides a secure environment in which to maintain or share university data, including some types of sensitive regulated data classified as High.

Dropbox allows you to synchronize data in the cloud and on your devices. If you store and synchronize data in locations other than the Dropbox cloud storage, you will also need to follow any sensitive data restrictions for the devices and storage locations to which you synchronize.

Dropbox also allows integrations with other products. Similarly, you must follow any sensitive data restrictions for the products you integrate Dropbox with. For example, see Dropbox: Google Drive and Microsoft Office Integrations with PHI and HIPAA-Regulated Data (ITS Knowledge Base).

U-M's agreement with Dropbox includes a Business Associate Agreement (BAA). This means individuals may use this service to maintain Protected Health Information (PHI) regulated by HIPAA. Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in U-M Dropbox are responsible for complying with HIPAA safeguards, including:

  • Use a Dropbox Team Folder.
  • Use and disclose only the minimum necessary PHI for the intended purpose.
  • Obtain all required authorizations for using and disclosing PHI.
  • Ensure that PHI is seen only by those who are authorized to see it.
  • Follow any additional steps required by your unit to comply with HIPAA.

Additional Resources