Health

Health care developers who build on Box get HIPAA compliance for free

SAN FRANCISCO — When health IT professionals are calling out for better ways to view patient data, third party applications are the obvious answer. But without HIPAA compliance, the task is more than a daunting one — it’s a potential financial sinkhole. But it seems that partnerships with companies such as Box might be the answer, according to remarks made by Box chief executive Aaron Levie today at VentureBeat’s HealthBeat conference.

HIPAA is the Health Insurance Portability and Accountability Act of 1996, and it’s the major safeguard of patient data privacy in the U.S. That’s because HIPAA governs all the ways that doctors and health care providers can or cannot exchange data — for instance, it prohibits doctors from sending emails to other doctors about a patient, because email is inherently insecure. For the IT service providers that work with the medical profession, HIPAA compliance is complicated and difficult — but it’s also the price of admission to the health care field.

Recently, Box received HIPAA compliance certification, which means Box is now considered safe enough to hold on to data about your health. The company worked for over eight years to get its systems to this point and sees a lot of opportunity to branch into the health sector. But Box, for many, is just an enterprise cloud storage company. It helps your employees send PowerPoint files and Word docs safely to each other.

Partnerships with third party developers, however, may put Box at the center of health IT innovation because it automatically shares its HIPAA compliance with those who build on top of Box data.

“There’s not that much tech that’s actually sanctioned … that has that consumer experience,” Levie said today. “We really want to be the underlying layer for how content gets stored and shared.”

Box provides an application programming interface (API) that gives developers access to certain content it stores. With the health care sector using Box, that means patient health records, medical images, payment information, and more may be stored on the site. Oftentimes this information is difficult to read, and time-consuming to call up. Developers can build a beautiful framework in which that data is displayed, but never store the data itself by using Box’s API.

Thus, developers get the huge added bonus of being both creatively open and HIPAA compliant.

Indeed, Box now owns one of these third parties working on making that data digestible. Crocodoc, a small startup that Box recently acquired, takes all different kinds of documents and translates them into HTML5 interactive experiences. The company says it will start looking at translated EHRs as well as medical imaging — doctors could one day be looking at a flip-book style document of a patient’s x-rays over the years as opposed to the more traditional methods.

Aaron Levie image via Michael O’Donnell/VentureBeat

Topics >

blog comments powered by Disqus