Torie Jones, former chief privacy officer at University of Pennsylvania Health System, had an ironclad rule in place for her staff: “No PHI in the cloud until you have a BAA in place.”

For most cloud-based vendors, those who are used to the specific demands of working in healthcare, getting that business associate agreement in place wouldn’t be much of a problem.

But when it comes to using the the popular file hosting service Dropbox, that all-important contract isn’t something that’s readily forthcoming.

read more

…read more