Yottabytes: Storage and Disaster Recovery

Apr 25 2013   11:05PM GMT

Box Adds HIPAA, HITECH Support to Expand Into Healthcare

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

You know how every time you go to a new doctor, you have to sign this form (does anybody read it?) that talks about your rights to privacy for your medical records? Vendors of medical services have their own requirements to live up to, and Box has announced that it is complying with those regulations, in hopes that it will become more widely used as a file transfer medium in the healthcare industry.

“Compliance with the Health Insurance Portability and Accountability Act means that Box provides file redundancy to prevent data loss in a disaster, restrictions on employees’ access to documents, a breach-notification policy, data encryption and other features, ” writes GigaOm’s Jordan Novet.

In addition, the company now has ten new healthcare applications. Box is doing this by partnering with a number of other vendors. According to Jasmine Pennic at HIT Consultant Media, those applications are:

  • Clinical documentation: Drchrono, a cloud and web-based HER application accessible from iPads and iPhones; and Umbie DentalCare, a dental care web-based practice management system for dentists available on the desktop and tablet.
  • Care coordination: TigerText, an encrypted SaaS platform for secure text messaging in a clinical setting; Doximity, an online professional network designed for U.S. physicians; and mMedigram, a secure group messaging app for the hospital environment; PostureScreen Mobile, posture analysis screening and evaluation software for mobile devices.
  • Interoperability: MedViewer, a DICOM viewer for viewing, communicating and sharing medical images on iPhone and iPad; iPaxera PACS Viewer, a PACS viewing app designed for iPad, iPhone and iPod; and Medi-Copy, which provides Release of Information (ROI) request services and creates electronic copies of patient medical records.
  • Access to care: HealthTap, which provides users with personalized health information and free online and mobile answers from physicians.

Box is also supporting the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act, and is investing in drchrono.

Compliance requirements include the following, writes Patrick Ouellette in Health IT Security.

  • Data encryption occurs in transit and at rest
  • Restricted physical access to production servers
  • Strict logical system access controls
  • Data file access granted by customers
  • Audit trail of account activities on both user and content
  • Formally defined and tested breach notification policy
  • Training of employees on security policies and controls
  • Employee access to customer data files are highly restricted
  • Redundant data center facilities to mitigate disaster situations

Support for HIPAA and HITECH could also help the cloud storage company improve its reputation for security and privacy overall; various incidents have sometimes led to such services, rightly or wrongly, being seen as insecure. In particular, noted GigaOm, it may make Box more attractive to enterprise users, as well as for a planned initial public offering.

Moreover, HIPAA support could also make it easier for healthcare providers to implement BYOD, writes Ouellette. “Clinicians would now be able to set up secure cloud folders for a patient’s medical records or collaborate on a patient’s diagnosis with the Box mobile application in a compliant manner,” he writes.

HIPAA requirements can be pretty arduous; for example, the Boise-based WhiteCloud Analytics healthcare analytics software company, had to have a separate set of doors, through which one can enter only by being buzzed in, due to HIPAA requirements.

Chances are, this isn’t the first such announcement. Now that Box has come up with the idea, one can expect that other cloud storage vendors — like Dropbox, Microsoft’s Skydrive, Google’s Drive, and so on — will soon follow suit. Microsoft’s Office 365 already supports HIPAA and in fact the company has also announced improvements in its HIPAA support.

2  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Kevin Beaver
    It's good to see IT and security product vendors get on board with some real solutions to help take the pain out of government regulations. The bad part of this is that many in healthcare - especially management - assume they can deflect their own compliance responsibilities because they use a product or server that's "HIPAA compliant". As much as they'd love it, compliance doesn't come in a box. Thanks for the info Sharon.
    27,525 pointsBadges:
  • Sharon Fisher
    Thanks for the link! Just goes to show this stuff has been talked about for a long time. 2002, wow.
    9,715 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: