Frequently Asked Question: FAQ:

Is it safe to store patient data on Box?

Other FAQs


Box is one of the most popular cloud storage services available. It offers a HIPAA-compliant secure storage option, and while HIPAA is a US-based standard for protecting patient privacy, it is viewed by many around the world as the gold standard in patient privacy regulation. Please see the Box HIPAA And HITECH Overview And FAQs for more information. Box is, however, a US company and, hence, raises the issue of data sovereignty. If you store data outside of Australia, then it becomes subject to the laws of the country in which the data resides.

In November 2106 Box, fortunately, announced "Box Zones in Australia” which enables Australian customers to store their data locally. Box says that by storing customer data in-country, it "can help address Australian Privacy Principles for organisations with data residency concerns and help companies meet the Australian Signals Directorate’s strong recommendation that cloud providers handling sensitive data be located in Australia".

Unfortunately, you must have a Box Enterprise account to use Box Zones. The Box website asks that you contact them to get a quote. Expect to pay around $35 per month for this service.