ARCHIVED: About IU Box accounts for use with sensitive data

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.
Important:

IU's Box cloud storage service was retired on May 10, 2021. For more, see the IU Box retirement FAQ. For information about cloud storage options available at IU, see Storage @ IU.

Note:
New accounts for sensitive data are no longer being created on Box. However, you can store such data in Microsoft at IU Secure Storage or Google at IU Secure Storage accounts. To request an account on either platform, complete the Institutional storage request form.

At Indiana University, through a combination of account and folder configurations, Box can be used for Restricted and some Critical institutional data, such as approved protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

To store sensitive data in existing Box accounts:

  1. Verify that your data are allowed in Box; see ARCHIVED: Types of data appropriate for IU Box accounts.
  2. Put the data in a folder owned by the appropriate account; see below.
  3. Understand and implement the security measures in ARCHIVED: Protect sensitive data in Box.

Two special types of Box accounts exist:

  • Box Health Data Accounts: To store and appropriately share ARCHIVED: approved protected health information (PHI) in Box, you must use a Box Health Data Account (BHDA). BHDAs are set up, monitored, and audited by Health Technology Services (HTS). HTS will contact you to set up your account and guide you through the practices described in ARCHIVED: Protect sensitive data in Box for protecting the data.
  • Box Entrusted Data Accounts: IU provides Box Entrusted Data Accounts (BEDAs) for sharing and storage of non-health-related institutional data that is subject to regulation or for which tighter controls may be required or desired. Any Restricted data in Box must be in a BEDA. (Critical data, except for approved PHI, may not be stored in Box.) Your IT Pro will assist you in configuring and maintaining the account according to the practices described in ARCHIVED: Protect sensitive data in Box.

This is document bfrt in the Knowledge Base.
Last modified on 2020-08-14 11:57:59.