Lately, we’ve been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Box is a publicly traded cloud content management and file sharing service for businesses.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Citrix ShareFile
- Google Drive
- Google Forms
- Google Hangouts
- Microsoft 365
Today, we will determine if Box offers HIPAA compliance or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
Box is a cloud computing business which provides file-sharing, collaborating, and other tools for working with files that are uploaded to its servers. It went public on the NYSE in 2015.
Box was originally developed as a college project of Aaron Levie while he was a student of the University of Southern California in 2004. Levie soon dropped out of USC, became CEO, and he got his childhood friend Dylan Smith to become CFO.
Box and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Box’s site and quickly found the Box for Healthcare solutions page.
On that page, Box states:
“For extra assurance, Box signs HIPAA Business Associate Agreements (BAAs) with customers.”
When did Box first announce HIPAA Compliance?
Now that we know Box support HIPAA compliance, we thought it would be useful to find out when they first offered HIPAA compliant services.
The answer turns out to be April 2013.
We found a Box Community guided titled, Box HIPAA and HITECH Overview and FAQs.
“In April of 2013, Box announced its ability to support the HIPAA and HITECH regulations, as well as the ability to sign HIPAA Business Associate Agreements (BAAs) with customers.”
Does Box Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
Information on Box’s website concisely states they were an early adopter for HIPAA compliance among cloud vendors.
Box for Healthcare is HIPAA compliant.
Make sure you sign a Business Associate Agreement with them.