[p_j_w]

>Onedrive is fine, but dropbox is not for some reason

As far as I know, it's possible to get OneDrive even HIIPA compliant, but I don't think so for Dropbox.

[eszed]

Dropbox claims that it can achieve HIPAA-compliance, and I personally know two (large and serious) organizations who use it as such.

https://help.dropbox.com/security/hipaa-hitech-overview

In keeping with the theme of the OP, I don't know if that's been tested in court, soooo... Take that all for what you will.