Box at UMN is a contracted, cloud-based collaboration and storage solution that allows you to collaborate with people inside and outside of the university through file storage, shared links, commenting, versioning, workflows and many other useful features. Box at UMN is obtained through a contract with Internet2 Net+ (https://www.internet2.edu/vision-initiatives/initiatives/internet2-netplus/) which includes security provisions giving UMNrs a place for storing many kinds of data in a safe and secure manner.
UMN’s contract with Internet2 Net+ includes a Business Associate Agreement (BAA). This means individuals may use this service to store Protected Health Information (PHI) regulated by the federal Health Insurance Portability and Accountability Act (HIPAA). Complying with HIPAA’s requirements is a shared responsibility. UMN and Box work together to provide a file collaboration and storage environment that is as secure as possible for the types of data authorized to be stored. Individual users who share and store PHI in Box are responsible for complying with HIPAA safeguards, including:
- Using and disclosing only the minimum necessary PHI for the intended purpose.
- Obtaining all required authorizations for using and disclosing PHI.
- Ensuring that PHI is seen only by those who are authorized to see it.
- Obtaining all necessary data-sharing agreements for using and disclosing PHI.
- Adhering to all relevant data use agreements, contracts, IRB policies, compliance conditions and local unit rules.
Other Restricted Data
Although PHI and some other Restricted data may be stored on Box at UMN, other types of Personally Identifiable Information (PII), such as Social Security Numbers, Driver’s License Numbers, Credit Card Numbers, etc. are not permitted to be stored on Box at this time. Please refer to the When Should I Use Box? page for further information on what is permitted to be stored on Box at UMN.
If there are any questions about how to store PHI on Box, please contact the IT Service Desk at 612-301-4357.