Box touts it's now HIPAA-compliant for hosting personal health records

Summary:The growing enterprise cloud storage company is aiming to expand its horizons and customer base with a portfolio of new apps built on the Box platform.


Box has been busy building up its community of partners as it preps for a potential IPO next year , and the latest step is a move to open up the customer base to the healthcare industry.

The Los Altos, Calif.-based company is formally announcing that it is both HIPAA and HITECH-compliant and now signing business associate agreements with clients.

This means that Box’s cloud-based services are compliant with the Department of Health and Human Services' publication of the Omnibus Final Rule in January 2013, which position the platform as a service for securely hosting personal health information and record files.

Julie O'Brien, industry marketing director at Box, explained via telephone on Monday that outlined the technology challenges facing hospitals and large medical groups, from a privacy perspective around HIPAA for protecting information to dealing with outdated (and sometimes inoperable) IT infrastructures.

Pointing towards some of the technology shifts in healthcare happening slowly but surely, O’Brien remarked that "every quarter or two there’s someone publishing the use of iPads by physicians."

"Given they are so mobile, it’s just part of their job," O’Brien described. "They need to be able to access information quickly -- anywhere, anytime."

O’Brien also explained why many companies might be reluctant from signing business associate agreements, noting that HIPAA-compliancy requires an "extensive list" of policies and controls that includes (but is certainly not limited to) physical access from datacenters, encryption, employee training, a full audit trail of activities about the user and content itself.


Box’s healthcare app ecosystem is starting off with 10 partners this week, which fall into four categories that O’Brien said are divided up based on some of the most pressing pain points in the healthcare industry.

Those categories consist of clinical documentation, care coordination, interoperability, and access to care.

Using these apps, some of the potential use cases include setting up secure cloud folders where a patient’s medical records can be saved and creating a space for collaborating on a patient’s diagnosis.

O’Brien stipulated that Box doesn’t "differentiate" its security services for whatever content might be stored in these folders, whether they are X-rays, hospital protocols, or documentation for continuing medical education. All of it is treated equally.

The platform apps for healthcare are available now on the Box Apps Marketplace.

Screenshots via Box

Topics: Cloud, Enterprise Software, Social Enterprise, Start-Ups, Storage


Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider,, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.