Box Says Its Cloud-Based File Sharing Tech Is HIPAA, HITECH 'Compliant'

Box this week said its cloud-based content sharing platform is now one of a handful of cloud applications that is HIPAA and HITECH compliant.

The company also said it is willing to sign HIPAA Business Associate Agreements, which contractually obligates the cloud provider to apply the same safeguards to protect the privacy of protected health information that its partners offer.

HIPAA (Health Insurance Portability and Accountability Act) regulates the use and disclosure of private health information. HITECH (Health Information Technology for Economic and Clinical Health) provides incentives for the adoption of electronic health records.

[Related: Box Brings In Former Symantec, Yahoo Execs To Ramp Up Security, Trust ]

Sponsored post

While Box is formally announcing it is both HIPAA and HITECH compliant, Missy Krasner, healthcare expert at Box, admitted that there is no formal certification or stamp of approval for the designations.

However, Krasner said, the fact that Box can sign HIPAA business associate agreements is an indication of the level of privacy the company is bringing to the sharing of medical information.

The new HIPAA and HITECH compliance for Box's cloud service comes at a time when the medical industry is increasingly adopting mobile technology, bringing with it the desire to store, share and access information via the cloud, said Julie O'Brien, industry marketing director for Box.

However, O'Brien said, while the kind of legacy applications the medical field has been using like SharePoint work great behind the corporate firewall, they fail in front of the firewall where mobile devices are used.

"A lot of technologies are built on legacy server infrastructures, not on the cloud," she said. "But doctors love their iPads."

Box brings an easy-to-use platform, based on its consumer heritage, along with the security and control physicians and other medical organizations require to provide a confidential cloud-based sharing service for patient records, medical images, hospital protocols and consulting notes, O'Brien said.

"The content being shared is highly confidential," she said.

O'Brien said that Box has also had third-party auditing of its offering.

Jamie Shepard, regional vice president at Lumenate, a Dallas-based solution provider with clients in the medical market, does file sharing and synchronization using EMC's Syncplicity running on EMC's Isilon storage infrastructure. EMC acquired Syncplicity nearly a year ago.

NEXT: Hybrid File Sharing vs. All-Cloud Solution

For business users, including those in the medical market, Syncplicity is a safer and better alternative to offerings that sprang from the consumer market, Lumenate's Shepard said.

"As an administrator with Syncplicity, I have my own GUI," he said. "I can control what folders are copied to Syncplicity, and control what folders and files can be downloaded. And I can also create my own internal dropbox without the need to go to a cloud."

Box's O'Brien said the company offers strong security for its file sharing software, and it has been accepted for use by over 150,000 businesses, including hundreds of healthcare customers.

She also said a focus on the cloud is needed to move the healthcare file sharing business forward.

"If you are looking at hybrid solutions, you are only postponing the inevitable as customers better learn the benefits of the cloud," she said. "I don't see anything else holding us back. We're just at the tip of the iceberg."

Box's Krasner said the company has been working with mobile-first developers of healthcare applications. "There is a lot of disruption going on here," she said. "Businesses are serving up health records on mobile devices."

PUBLISHED 26, 2013