Online Backup Provider Box Pushes into Healthcare


Online backup contender Box has recently announced that it is now HIPAA compliant after pushing its way into the healthcare sector and adding ten new healthcare application partners to address the industry’s backup challenges.

Wasting no time, Box has already began signing Business Associate Agreements, whereby the provider agrees to assume all responsibility in safeguarding PHI under the HIPAA guidelines. HITECH states that a BA’s disclosure and use of PHI must comply with both HIPAA Privacy Rule and HIPAA Security Rule.


Box is reportedly HIPAA compliant in a number of ways:

-          Encryption occurs in both transit and rest

-          Physical access restrictions to production servers

-          Stringent logical system access controls

-          File access granted by customers

-          Audit trail of account activities on both content and user

-          Formally defined and tested breach notification policy

-          Training of employees on security policies and controls

-          Employee access to customer data files are highly restricted

-          Redundant data center facilities to mitigate disaster situations


General Manager of Enterprise at Box Whitney Bouck commented: ‘This is one of the few verticals that we’ve chosen to go after aggressively. We work with a variety of verticals and we know we can tackle a range of challenges, but healthcare is one of the top which we are heavily focusing toward.’

Over the past year, Box’s healthcare industry grew 81%. Some of its customers include Health Trust Europe, Wake Forest Baptist Church, and Henry Ford Health System.

Head of Industry Marketing at Box Julie O’Brien stated: ‘The consumerization of IT and evolution of online backup are causing radical changes in the healthcare industry. With four out of five doctors using mobile devices for work-related tasks, mHealth and BOYD are creating new challenges for CMIOs and CIOs at hospitals and large integrated delivery networks across the nation. And as if this wasn’t enough, provider and patient frustrations continue to mount over the lack of interoperability and file sharing in healthcare.’