Box touts it's now HIPAA-compliant for hosting personal health records

The growing enterprise cloud storage company is aiming to expand its horizons and customer base with a portfolio of new apps built on the Box platform.


Box has been busy building up its community of partners as it preps for a potential IPO next year , and the latest step is a move to open up the customer base to the healthcare industry.

The Los Altos, Calif.-based company is formally announcing that it is both HIPAA and HITECH-compliant and now signing business associate agreements with clients.

This means that Box’s cloud-based services are compliant with the Department of Health and Human Services' publication of the Omnibus Final Rule in January 2013, which position the platform as a service for securely hosting personal health information and record files.

Julie O'Brien, industry marketing director at Box, explained via telephone on Monday that outlined the technology challenges facing hospitals and large medical groups, from a privacy perspective around HIPAA for protecting information to dealing with outdated (and sometimes inoperable) IT infrastructures.

Pointing towards some of the technology shifts in healthcare happening slowly but surely, O’Brien remarked that "every quarter or two there’s someone publishing the use of iPads by physicians."

"Given they are so mobile, it’s just part of their job," O’Brien described. "They need to be able to access information quickly -- anywhere, anytime."

O’Brien also explained why many companies might be reluctant from signing business associate agreements, noting that HIPAA-compliancy requires an "extensive list" of policies and controls that includes (but is certainly not limited to) physical access from datacenters, encryption, employee training, a full audit trail of activities about the user and content itself.


Box’s healthcare app ecosystem is starting off with 10 partners this week, which fall into four categories that O’Brien said are divided up based on some of the most pressing pain points in the healthcare industry.

Those categories consist of clinical documentation, care coordination, interoperability, and access to care.

Using these apps, some of the potential use cases include setting up secure cloud folders where a patient’s medical records can be saved and creating a space for collaborating on a patient’s diagnosis.

O’Brien stipulated that Box doesn’t "differentiate" its security services for whatever content might be stored in these folders, whether they are X-rays, hospital protocols, or documentation for continuing medical education. All of it is treated equally.

The platform apps for healthcare are available now on the Box Apps Marketplace.

Screenshots via Box