HIPAA-compliant Dropbox: Secure File Sharing at LuxSci

Published: July 13th, 2016

Want to set up a public dropbox for sharing sensitive files but still remain HIPAA-compliant?  This is now a snap for anyone with a HIPAA-compliant LuxSci account.

LuxSci has long provided online cloud-based secure file storage and sharing via its Documents WebAide service, which is included with all accounts as part of our suite of collaboration tools (calendars, tasks, address books, files, notes, links, password libraries, and user groups).  Now, in addition to being able to share files internally with other users, groups, and accounts, LuxSci customers can securely share files with anyone on the Internet.

How to Share

There are many ways to access the dialog box used for sharing WebAides with others.  Here is one:

Step 1: Go to your Documents WebAides

Select “Documents” from the “WebAides” menu in LuxSci, or follow this link:

Documents WebAides Page

Step 2: Open the sharing dialog box

In the left-hand tree menu, right-click on the name of the Documents WebAide that you would like to share and choose “Share WebAide” from the pop-up menu.

Alternatively, simply click on the name of the Documents WebAide that you want to share, then click on the gear icon and choose “Sharing” from the menu that pops up.

Step 3: Share with an External Person

For Documents WebAides, there is a new “Share this WebAide with” option called “External Person.”  You can enter any email address here and set the level of access desired:

  • New Entry — Permit uploading files
  • Read — Permit downloading files
  • Delete — Permit deleting either any file or only files uploaded by the sharer.

This allows you to share these WebAide folders as:

  1. Download (read only) access
  2. Upload (add files only) access
  3. Collaborative (upload, download, and maybe delete) access

When you share the Documents WebAide with someone, they’ll receive a notification email to inform them of their new access.  This email (which is customizable via Private Labeling) includes a link that can be used to access these files.

How are the shared files accessed?

The person with whom you have shared your files will access them through the LuxSci SecureSend portal (whose look and feel is also customizable via Private Labeling). If the person does not have a free account yet, they will need to register to gain access.

Once logged in, the person can access, drag-and-drop upload, download, and delete the shared files, based on the level of access granted.  If multiple folders of files have been shared with this person, then they can browse the various accessible folders.  The individual can also send secure email messages to SecureLine-licensed LuxSci users.

How is this secure and HIPAA-compliant?

The file sharing is HIPAA-compliant due to the Business Associate Agreement that the LuxSci customer will sign with LuxSci.  Furthermore, on top of LuxSci’s normal controls, the file-sharing service is secured by:

  1. AES-encrypted file storage at rest
  2. TLS-encrypted transmission of all data
  3. Required unique user access controls via usernames and passwords
  4. Logging of:
    1. All portal logins
    2. All file uploads
    3. All file downloads
    4. All file deletions
  5. Automatic logoff (customizable with Private Labeling)
  6. Customizable password-strength controls (with Private Labeling)

Controlling Access to the External Sharing Feature

Some customers may not want their users sharing files externally; they may want to restrict sharing and/or keep it all internal to their organization. As such, account administrators can turn external sharing on or off for their account.  Under “Advanced Administration > Collaboration > Shared Access” on the account admin homepage, you can set whether external sharing is allowed only for administrators or for all users in your account.  By default, external sharing is permitted only for account administrators.
