How do I request a PHI folder in Box?

Summary

The University of Illinois has signed a Business Associate Agreement (BAA) with Box.com. The BAA allows the UofI the ability to provide Box Health Data Folders for the secure sharing and storage of health information. Only employees, volunteers, trainees, and other persons under the direct control of the University are eligible to apply for a BHDF.

Body

The University of Illinois has signed a Business Associate Agreement (BAA) with Box.com. The BAA allows the UofI the ability to provide Box Health Data Folders for the secure sharing and storage of health information. Only employees, volunteers, trainees, and other persons under the direct control of the University are eligible to apply for a BHDF.

To request a PHI folder in Box:

  1. Read and understand the protections and proper use of Box.com with PHI as outlined in the document Protecting PHI in Box
  2. Fill out the University Box Health Data Folder Request Form (https://go.uillinois.edu/RequestBoxHealthFolder). 
  3. Once reviewed and approved by the HIPAA Privacy Official, you will receive notification that your application has been accepted and that the requested folder has been created within Box. The new BHDF will appear in your Box dashboard when you log in but is subject to the restrictions outlined in this document. You are designated the “owner” of the BHDF and ultimately responsible for access controls. 
  4. All users of the BHDF must understand and implement the required security measures discussed below.
     

Important considerations 

  • Individuals must read and understand this document before applying for a BHDF if they wish to disclose PHI to Box. 
  • Individuals must apply for and be granted a BHDF from the HIPAA Privacy Official. 
  • If granted, BHDF “owners” must ensure that all folders (including subfolders) within Box have names that begin with “[Box Health].” 
  • Extreme care must be taken when inviting collaborators to BHDFs. 
  • Box sync for these folders is discouraged. 
  • If used, BHDFs may only be synced to university owned endpoint computers or devices that are encrypted per campus security policies and the University’s HIPAA Directive. 
  • Everyone who interacts with PHI within Box, including “owners,” “co-owners,” and “collaborators,” must keep it secure. 
  • Individuals that disclose PHI to Box are responsible for not only abiding by the University’s HIPAA Directive and the terms of this document, but are also accountable for making sure that any other individual with whom the PHI is shared also abides. 
  • Storage of PHI in a “personal” (i.e., non-BHDF) folder is strictly prohibited.
Questions about UI Box Health Data Folders can be directed to hipaa@uillinois.edu.

Details

Details

Article ID: 512
Created
Fri 1/15/21 6:48 PM
Modified
Tue 10/15/24 11:20 AM

Related Articles

Related Articles (1)

If a sent file is blocked, you can send your attachment via Box.

Related Services / Offerings

Related Services / Offerings (1)

Box Health Data Folders are special folders in the U of I Box environment that are approved for use with PHI.