Whether you are a healthcare professional or a patient, you have likely thought about the safety of your health information. MediCopy has been utilizing the secure, cloud-based platform “Box” for many years to keep these records safe. Box implements many security measures to maintain compliance with the SSAE 16 SOC1 report and HIPAA/HITECH regulations.
Boxes security measures include the ability for administrators to set very detailed access permissions on each file. This includes but is not limited to: who can create folders or upload files, whether users can share links to content, whether link recipients can download their content, and when links expire. In addition to these permissions, any action that is performed in Box is logged in an audit trail. These audit trails remain active in Box for one year. MediCopy actively reviews the audit trails on all records to ensure compliance.
Going beyond compliance, Box takes extra measures to ensure the security of the information being transferred to the platform. For example, all files uploaded to Box are encrypted using 256- bit AES encryption. In addition, the encryption key is further encrypted with a Key Encryption Key (KEK) which is stored in an Interval Key Server (IKS). This means that even if someone were to be able to access data in Box, they would not be able to see it in a clear, interpretable manner.
Because of the nature of the information Box stores, they utilize multiple data centers to provide essential redundancy. Essentially, even if one server facility were to have issues, all of the information MediCopy hosts in Box would still be accessible to us. For added protection, Box ensures all equipment is locked in cages or vaults, secured with separate keys or biometric scanning, protected by 24-hour onsite monitoring and guards, biometric authorization, CCVT with video archives, access control lists, and access and surveillance audit logs.
MediCopy is continually pleased with our partnership with Box and their continued mission to offer the safest means to manage, share, and access PHI. For more information on Box please visit www.box.com.