Box Takes Electronic Health Records to the Cloud

Healthcare providers were among the first industries to use tablets and other mobile devices, but leveraging them fully has been difficult due to regulations that protect electronic health records and other personal health information. But enterprise content sharing specialist Box is making an aggressive play for the healthcare vertical with what it says is a HIPAA/HITECH compliant platform.

By
Thu, April 25, 2013

CIO — Healthcare was among the first industry verticals to adopt tablets and other mobile data devices, but getting the most out of mobile technology requires the capability to access large amounts of key information—like patient records.

One of the easiest ways to access documents on mobile devices is via cloud-based content-sharing platforms. While healthcare regulation has made that a quandary, it appears cloud providers may be ready to tackle the problem.

Box, one of the leading providers of a cloud-based secure content-sharing platform for enterprises, announced today that its service is now HIPAA/HITECH compliant, signaling an aggressive push into the healthcare vertical.

It also unveiled a new ecosystem of healthcare partners, including 10 new partner applications built on the Box platform to address industry-specific information challenges.

"This is one of the few verticals that we've really chosen to go after aggressively," says Whitney Bouck, general manager of enterprise at Box. "We work with all different verticals and we know we can address a wide range of challenges, but healthcare is one of the top few that we're really focusing on."

Bouck says that Box's sales in the healthcare industry grew more than 81 percent in the past year, and that was without HIPAA/HITECH compliance. Now, with the capability to sign HIPAA business associate agreements with healthcare customers, Box can expand to provide services around PHI like medical records, images, lab reports and more.

Consumerization of IT and Cloud Shakes Up Healthcare

"The consumerization of IT and evolution of the cloud are shaking up the healthcare industry," says Julie O'Brien, head of industry marketing at Box.

"With four out of five doctors using mobile devices for work-related tasks, mHealth and BYOD are creating new challenges for CMIOs and CIOs at hospitals and large integrated delivery networks across the nation," O'Brien says. "And as if that weren't enough, provider and patient frustrations continue to mount over the lack of interoperability and file sharing in healthcare."

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established strong regulations on the protection of personal health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009, addressed the privacy and security concerns associated with the electronic transmission of health information, in part by strengthening the civil and criminal enforcement mechanisms of the HIPAA rules.

HIPAA specifies that a provider of services (business associate or BA) to a HIPAA-covered entity (like a hospital) must enter into a business associate agreement (BAA) with that entity—essentially a contract that protects PHI under the HIPAA guidelines. HITECH specifies that a BA's disclosure, handling and use of PHI must comply with HIPAA Security Rule and HIPAA Privacy Rule mandates.

Continue Reading

Our Commenting Policies