HIPAA has more requirements than just encryption.
The problem isn't the S3 backend, it's the interface to that backend. Since you can see the metadata (author,date,file name, etc.) of the files saved to DropBox, it's technically not HIPAA compliant. The files are encrypted but the metadata is not.
Furthermore, there are no audit controls. With my iBackup, I can see my activity. What files/folders were downloaded and by whom. Something not available with DropBox.
I guess it would be okay if you were strictly using it for .enc backups and nothing else. This is where other services instantly become more beneficial.
.png "ACUF Donor I")
