Proposed design for uploading and sharing to Dropbox for Healthcare customers

Explorer | Level 3

I'd like to get feedback about whether my plan for using the APIs is a good fit for our use-case.

Use case:

Our company produces files, and some of our customers who have "Dropbox for Healthcare" accounts want us to deliver files to their accounts.

Planned use of APIs:

1) Create a "basic" Dropbox account. Would uploads to this be covered by Dropbox's HIPAA BAA? How would we get a BAA from Dropbox?

2) Create one top-level folder per customer, and use a sharing API to invite a list of customer email addresses to the folder.

3) Every time we create a new file for a customer, auto-upload it to a path under their top-level folder.

4) If a recipient edits, renames, or deletes a file we delivered, we can safely ignore any API notifications because we don't need their edits.

Our expectation is that, once each customer recipient accepted their sharing invitation, they would place the shared folder wherever they want in their own folder structure, and whenever we upload a file to a shared folder, the invited users would silently receive a copy of the upload.

Is this plan the best use of the APIs for our use-case?

Re: Proposed design for uploading and sharing to Dropbox for Healthcare customers

Dropboxer

I'm happy to help with any technical questions or issues you have regarding the Dropbox API, but I can't offer HIPAA policy or legal guidance. For information on HIPAA/BAA on Dropbox, please refer to this help article: https://help.dropbox.com/accounts-billing/security/hipaa-hitech-overview

As for the technical aspects of using the Dropbox API described here, if I understand correctly, it sounds like you would have just a single Dropbox account connected to your API app, containing all of the files for all of your end-users, is that correct?

Note that the Dropbox API was designed with the intention that each end-user would directly connect their own Dropbox account to the API app, in order to interact with their own files. It is technically possible to connect to just one account, by always using a specific access token. Please be aware that we don't recommend doing so, for various technical and security reasons. (Most of the security concerns are allayed if you're building a server-side app where you can keep the access token secret on the server though.)

Re: Proposed design for uploading and sharing to Dropbox for Healthcare customers

Explorer | Level 3

Yes, our use of the API would be exclusively via a server-based process (that keeps its credentials in env vars instead of its code).

My main technical question is: Would creating one top-level folder per customer, and inviting the customer's users via their Dropbox-registered email addresses, allow us to deliver files to those users by having our server upload to that folder whenever we have a new file to deliver to them?

Re: Proposed design for uploading and sharing to Dropbox for Healthcare customers

Dropboxer

Yes, using a full Dropbox API app to upload to a shared folder like that would work.
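
An added example, not part of the thread and not Dropbox's code: with one account holding every customer's files, a path-building mistake can place one customer's file in another customer's shared folder, so the code below validates the destination before any upload and reads the token from the environment. The `/deliveries/<customer_id>` layout, the `DROPBOX_ACCESS_TOKEN` variable name and the injected `upload` callable are assumptions made for illustration.

```python
import os
import posixpath
import re

ROOT = "/deliveries"  # assumed layout: /deliveries/<customer_id>/<file>
# Lowercase-only ids, so two customers can never differ only by letter case.
_CUSTOMER_ID = re.compile(r"[a-z0-9][a-z0-9_-]{0,63}")


def load_token(env=os.environ):
    """Read the access token from the environment; fail closed if unset."""
    token = env.get("DROPBOX_ACCESS_TOKEN", "")  # hypothetical variable name
    if not token:
        raise RuntimeError("DROPBOX_ACCESS_TOKEN is not set")
    return token


def customer_path(customer_id, relative_name):
    """Return a destination path that stays inside the customer's own
    top-level folder, or raise ValueError."""
    if not _CUSTOMER_ID.fullmatch(customer_id):
        raise ValueError(f"invalid customer id: {customer_id!r}")
    if "\\" in relative_name or "\x00" in relative_name:
        raise ValueError("backslash or NUL in file name")
    base = posixpath.join(ROOT, customer_id)
    dest = posixpath.normpath(posixpath.join(base, relative_name))
    # normpath collapses "..", so a traversal attempt ends up outside base.
    if not dest.startswith(base + "/"):
        raise ValueError(f"path escapes customer folder: {relative_name!r}")
    return dest


def deliver(customer_id, relative_name, data, upload):
    """Validate the destination, then hand off to upload(data, path).
    `upload` is injected; in production it would wrap the SDK upload call."""
    path = customer_path(customer_id, relative_name)
    upload(data, path)
    return path


if __name__ == "__main__":
    sent = []  # constructed stand-in for the real uploader
    record = lambda data, path: sent.append(path)
    print(deliver("clinic-a", "2021/report.pdf", b"%PDF", record))
    try:
        deliver("clinic-a", "../clinic-b/report.pdf", b"%PDF", record)
    except ValueError as exc:
        print("rejected:", exc)
```

Because the validation runs before the uploader is called, a rejected name never reaches the API.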
