U of I Box, Protecting PHI with Box Health Data Folders Policies and Guidelines
How do I apply for a Health Data Folder in U of I Box?
As Box is at its heart a sharing and collaboration tool, researchers using a BHDF are responsible for reading and following the guidance in the Protecting PHI with Box Health Data Folders document linked below before applying for a BHDF.
For questions on HIPAA protected resources, please contact your campus HIPAA liaison.
- Individuals must read and understand the full policy guideline before applying for a “University Box Health Data Folder (BHDF)” if they wish to disclose PHI to Box.
- Individuals must apply for and be granted a BHDF from the HIPAA Privacy Official.
- If granted, BHDF “owners” must ensure that all folders (including subfolders) within Box have names that begin with “[Box Health].”
- Extreme care must be taken when inviting collaborators to BHDFs. All users of the BHDF must understand and implement the required security measures.
- Box sync for these folders is discouraged. If used, BHDFs may only be synced to university owned endpoint computers or devices that are encrypted per campus security policies and the University’s HIPAA Directive.
- Everyone who interacts with PHI within Box, including “owners,” “co-owners,” and “collaborators,” must keep it secure. Individuals that disclose PHI to Box are responsible for not only abiding by the University’s HIPAA Directive and the terms of this document, but are also accountable for making sure that any other individual with whom the PHI is shared also abides.
- Storage of PHI in a “personal” (i.e., non-BHDF) folder is strictly prohibited.
Full Policies and Guidelines
Review the full policies and guidelines at the University of Illinois HIPAA resource page: