Box Takes Electronic Health Records to the Cloud

Healthcare was among the first industry verticals to adopt tablets and other mobile data devices, but getting the most out of mobile technology requires the capability to access large amounts of key information—like patient records.

One of the easiest ways to access documents on mobile devices is via cloud-based content-sharing platforms. While healthcare regulation has made that a quandary, it appears cloud providers may be ready to tackle the problem.

Box, one of the leading providers of a cloud-based secure content-sharing platform for enterprises, announced today that its service is now HIPAA/HITECH compliant, signaling an aggressive push into the healthcare vertical.

It also unveiled a new ecosystem of healthcare partners, including 10 new partner applications built on the Box platform to address industry-specific information challenges.

“This is one of the few verticals that we’ve really chosen to go after aggressively,” says Whitney Bouck, general manager of enterprise at Box. “We work with all different verticals and we know we can address a wide range of challenges, but healthcare is one of the top few that we’re really focusing on.”

Bouck says that Box’s sales in the healthcare industry grew more than 81 percent in the past year, and that was without HIPAA/HITECH compliance. Now, with the capability to sign HIPAA business associate agreements with healthcare customers, Box can expand to provide services around PHI like medical records, images, lab reports and more.

Consumerization of IT and Cloud Shakes Up Healthcare

“The consumerization of IT and evolution of the cloud are shaking up the healthcare industry,” says Julie O’Brien, head of industry marketing at Box.

“With four out of five doctors using mobile devices for work-related tasks, mHealth and BYOD are creating new challenges for CMIOs and CIOs at hospitals and large integrated delivery networks across the nation,” O’Brien says. “And as if that weren’t enough, provider and patient frustrations continue to mount over the lack of interoperability and file sharing in healthcare.”

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established strong regulations on the protection of personal health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009, addressed the privacy and security concerns associated with the electronic transmission of health information, in part by strengthening the civil and criminal enforcement mechanisms of the HIPAA rules.

HIPAA specifies that a provider of services (business associate or BA) to a HIPAA-covered entity (like a hospital) must enter into a business associate agreement (BAA) with that entity—essentially a contract that protects PHI under the HIPAA guidelines. HITECH specifies that a BA’s disclosure, handling and use of PHI must comply with HIPAA Security Rule and HIPAA Privacy Rule mandates.

That means that service providers for a healthcare provider or institution are subject to audits by the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) and can be held accountable for a data breach and penalized for noncompliance.

In January 2013, HHS moved to strengthen HIPAA provisions once more with the publication of its final omnibus rule.

The new rule expanded many of the HIPAA Privacy and Security Rules to cover BAs, including limits on how information is used and disclosed for marketing and fundraising purposes. In addition, it strengthened the HITECH Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS.

“These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider or one of their business associates,” Leon Rodriguez, director of the HHS Office for Civil Rights, said upon release of the rule.

Despite Challenges, Demand for Cloud in Healthcare Is Growing

Despite the burden of compliance, the healthcare vertical is large and demand is high.

Boxs Bouck notes that hundreds of healthcare customers are already using Box, including Beaumont and Henry Ford Health Systems, Garden City Hospital, HealthTrust Europe, Johns Hopkins HealthCare Solutions and San Juan Regional Medical Center.

“We needed a tool that would allow us to centralize all our content and provide our doctors and executives quick, secure access to information on any device,” says Albert Fadool, CIO at Garden City Hospital in Garden City, Mich. “Box gives us this ability—improving visibility and collaboration around critical content like patient health records, clinical images and hospital protocols.”

“The consumerization of IT backed by the evolution of the cloud is shaking up the healthcare market,” says Charlotte Davies, lead analyst, healthcare life sciences, at research firm Ovum.

“The traditional approach to IT deployment in health systems—-roll out, fix, integrate, update, fix—is changing,” Davies says. “More and more healthcare enterprises are actively embracing the new capabilities enabled by cloud technologies to accommodate and utilize the fast growth of mobile applications and wirelessly connected devices.”

Box Announces 10 Healthcare Platform Partners

Box’s 10 new healthcare platform partners fall into four categories of healthcare services:

• Clinical documentation: Drchrono, a cloud and web-based HER application accessible from iPads and iPhones; and Umbie DentalCare, a dental care web-based practice management system for dentists available on the desktop and tablet.
• Care coordination: TigerText, an encrypted SaaS platform for secure text messaging in a clinical setting; Doximity, an online professional network designed for U.S. physicians; andMedigram, a secure group messaging app for the hospital environment; PostureScreen Mobile, posture analysis screening and evaluation software for mobile devices.
• Interoperability: MedViewer, a DICOM viewer for viewing, communicating and sharing medical images on iPhone and iPad; iPaxera PACS Viewer, a PACS viewing app designed for iPad, iPhone and iPod; and Medi-Copy, which provides Release of Information (ROI) request services and creates electronic copies of patient medical records.
• Access to care: HealthTap, which provides users with personalized health information and free online and mobile answers from physicians.

Box also announced an investment in Drchrono through the Box Innovation Network and an exclusive promotion in partnership with Doximity, which will give physicians who sign up for Box through their Doximity accounts 50 GB of free cloud file sharing.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com. Follow Thor on Twitter @ThorOlavsrud. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Thor at tolavsrud@cio.com