Dropbox is a cloud-based collaboration and file-storage service that includes cloud storage, tools, and integrations with other services. You can use it to create, edit, share, and collaborate on cloud-based content.
Dropbox at U-M provides a secure environment in which to maintain or share university data, including some types of sensitive regulated data classified as High.
- As a best practice, you should use a Dropbox team folder when sharing and storing sensitive data in Dropbox (data classified as High), and you are highly encouraged to use team folders more broadly for workflow and collaboration. Dropbox team folders are not yet available, but ITS is working to implement them for the U-M community.
- Data classified as Restricted may not be maintained or shared in Dropbox.
Dropbox allows you to synchronize data in the cloud and on your devices. If you store and synchronize data in locations other than the Dropbox cloud storage, you will also need to follow any sensitive data restrictions for the devices and storage locations to which you synchronize.
U-M's agreement with Dropbox includes a Business Associate Agreement (BAA). This means individuals may use this service to maintain Protected Health Information (PHI) regulated by HIPAA. Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in U-M Dropbox are responsible for complying with HIPAA safeguards, including:
- Use a Dropbox team folder.
- Use and disclose only the minimum necessary PHI for the intended purpose.
- Obtain all required authorizations for using and disclosing PHI.
- Ensure that PHI is seen only by those who are authorized to see it.
- Follow any additional steps required by your unit to comply with HIPAA.