Log in

6 Ways to Keep Your Organization Secure

6 Ways to Keep Your Organization Secure

  • Comments 8
  • I have concerns about one of your above claims.

    You say that Box is HIPAA-compliant. But TechSoup  provides starter edition Box licenses.  The Security section of the Box Privacy Policy, which shows Box's business model to include harvesting and selling user data, says "Unless you have purchased a Box Enterprise subscription account or higher, you agree not to upload to or collaborate through the Box Services any Personal Health Information as defined by the Health Insurance Portability and Accountability Act of 1996 as amended (HIPAA)."

    Could you please correct or clarify your claim of HIPAA compliance?  This is of major importance to non-profits handling health or similarly private personal information.

  • Thanks for the question. We're following up for clarification from Box and will post here as soon as we hear back.

  • Thanks for your question about Box HIPAA compliance.  With the Box Enterprise Edition a BAA (Business Associate Agreement) can be signed to be fully HIPAA certified.  The lesser editions (including Starter Edition - donated ) are not fully HIPAA certified.  We will update our product content accordingly.  The TechSoup Starter Edition can be upgraded to the Enterprise plan at a 50% discount directly through Box.org.  

  • It cannot be HIPAA-certified. There is no HIPAA certification of products. The statements being made here approach the definition of legal advice, and they are incorrect and misleading. For your protection and to prevent misleading your client organizations, I strongly recommend removing all references to HIPAA from both the product description and the above article.

  • We make every effort to ensure that our content is factually accurate prior to publication and regret that we published incorrect information. As you noted, there is no HIPAA certification of products, so the references to "HIPAA-compliant" and "HIPAA certified" were incorrect. The blog post has been updated to remove references to HIPAA compliance. We will also be updating the Box product description and refining our editorial guidelines for how we talk about HIPAA on the site. Thank you for identifying the issue and helping us ensure our content is accurate regarding this important and complicated legal issue.

  • Thank you for your quick response and corrective action.  Since the matter is now moot, please feel free to remove my comments from this thread.

  • Does TechSoup have any vendors donating encryption software?  I am part of a free health clinic.

  • Hi gschaeff, TechSoup doesn't currently have any vendors donating encryption software. Good idea! We'll keep an eye out for that possibility.