At IU, how do I request a Box account for use with sensitive data?
At Indiana University, through a combination of account and folder configurations, Box can be used for Restricted and some Critical institutional data, such as approved protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The accounts described in this article are set up by Box administrators, but their use and configuration is controlled by the requester, who is granted co-owner permissions.
To store such data in IU Box:
- Verify that your data are allowed in Box; see What types of data are appropriate for my IU Box account?
- Put the data in a folder owned by the appropriate account; see below.
- Understand and implement the security measures in Protecting sensitive data in Box.
Two special types of Box accounts exist:
- Box Health Data Accounts: To store and appropriately share approved protected health information (PHI) in Box, you must use a Box Health Data Account (BHDA). BHDAs are set up, monitored, and audited by Clinical Affairs IT Service (CAITS). CAITS will contact you to set up your account and guide you through the practices described in Protecting sensitive data in Box for protecting the data.
To request a Box Health Data Account, submit the IU Box Health Data Account Request Form.Note:If you have questions about this form, contact CAITS Support.
- Box Entrusted Data Accounts: IU provides Box Entrusted Data Accounts (BEDAs) for sharing and storage of non-health-related institutional data that is subject to regulation or for which tighter controls may be required or desired. It is strongly recommended that any Restricted institutional data in Box be in a BEDA. (Critical data, except for approved PHI, may not be stored in Box.) If you request a BEDA, it is your responsibility to configure and maintain the account according to the practices described in Protecting sensitive data in Box.
To request a Box Entrusted Data Account:
Note:The worksheet will guide you through the process of setting up two dedicated group (i.e., non-personal) computing accounts to serve as co-owners of the BEDA. Individuals may not be set as co-owners of BEDAs.
- Fill out the Box Entrusted Data Account Request Preparation worksheet to gather the information Box administrators will need to determine the proper account, folder, and collaboration settings to configure your account. You'll need this information to submit your request.
- After filling out the worksheet, submit the Box Entrusted Data Account Request Form.
This is document bfrt in the Knowledge Base.
Last modified on 2016-02-12 00:00:00.
- Fill out this form to submit your issue to the UITS Support Center.
- Please note that you must be affiliated with Indiana University to receive support.
- All fields are required.