How to make Box HIPAA compliant

HIPAA compliance

Sep 06th 2017

Lately, we’ve been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Box is a publicly traded cloud content management and file sharing service for businesses.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Box offers HIPAA compliance or not.

About Box

Box is a cloud computing business which provides file-sharing, collaborating, and other tools for working with files that are uploaded to its servers. It went public on the NYSE in 2015.

Box was originally developed as a college project of Aaron Levie while he was a student of the University of Southern California in 2004. Levie soon dropped out of USC, became CEO, and he got his childhood friend Dylan Smith to become CFO.

Box and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Box’s site and quickly found the Box for Healthcare solutions page.

On that page, Box states:

“For extra assurance, Box signs HIPAA Business Associate Agreements (BAAs) with customers.”

When did Box first announce HIPAA Compliance?

Now that we know Box support HIPAA compliance, we thought it would be useful to find out when they first offered HIPAA compliant services.

The answer turns out to be April 2013.

We found a Box Community guided titled, Box HIPAA and HITECH Overview and FAQs.

It mentions:

“In April of 2013, Box announced its ability to support the HIPAA and HITECH regulations, as well as the ability to sign HIPAA Business Associate Agreements (BAAs) with customers.”