Frequently Asked Questions

Some common questions, errors, and problems are categorized below. Click the Expand Topics link in the upper right to see all entries at once. You can also use the search box above to search the user guide for any issues you are seeing.

Link to section 'About Box Research Lab Folder' of 'About Box Research Lab Folder' About Box Research Lab Folder

Does Purdue have a Business Associate Agreement with Box?

Box supports the HIPAA and HITECH regulations, as well as the ability to sign HIPAA Business Associate Agreements (BAAs) with customers. Customers who are required by law to comply with HIPAA, such as HIPAA Covered Entities and HIPAA Business Associates, must have an Enterprise or Elite account with Box and sign a HIPAA Business Associate Agreement (BAA).

  • Purdue University signed a Business Associate Agreement with Box, and Box accounts are Enterprise.
  • Box provides the ability to use O365 online office application to open and work with content. Purdue University has signed a Business Associate Agreement with Microsoft.
  • All other third-party service providers with our instance of Box Enterprise are not covered by a Business Associate Agreement (BAA).

Do not use third party party applications to process data considered Restricted via your Purdue managed Box account. Purdue University does not maintain a contractual agreement with the vendor, and the required security controls are not in place.

A Box Managed account is your Purdue managed Box account. A REED folder is a project folder created in secure folder structure within Box.

What is a Box Managed Account and REED Folder?

A Box Managed account is your Purdue managed Box account. A REED folder is a project folder created in secure folder structured within Box.

Link to section 'Data' of 'Data' Data

Can I integrate 3rd-Party Apps with my Box folder?

Third-Party Apps for Box

While official Box add-on applications are approved for use with Purdue Box.com folders, third-party apps have not been reviewed for impact to security and are not approved for use until a security review has been completed by IT Security and Policy. If the official Box apps cannot provide the functionality you need, you may request a security review of the third-party app you are considering by submitting an email including the app name and the functionality you are addressing with the app to itpolicyreq@purdue.edu.

Can I use Unmanaged Box accounts, and other Cloud Storage Options?

Unmanaged (free and commercial) Box accounts and all other Cloud Storage options are not approved for storing or sharing sensitive or restricted data. Purdue University does not maintain a contractual agreement with the vendor, and the required security controls are not in place. Personal use of cloud storage can continue, however sensitive and restricted data must not be stored in the account. The table below will help you determine where to store your data.

Data Storage Breakdown
Classification Personal Box Folder REED Folder
Individually Identifiable Health Information No Determined by Review
Limited Data Set No Yes
De-Identified Data No Yes
De-Identified Data with Contractual Requirements No Yes

Should I use Box Drive if I work with Restricted Data?

Currently, ITaP does not recommend using Box Drive to work with restricted data. However, if you have a business need for Box Drive, contact IT Security and Policy so we can help you understand the risk and ensure you have the appropriate controls in place to protect the data.

Will Box Drive or Box Edit cache files on the local machine?

Box Drive does locally cache files that you have opened. Box Drive's cache size limit is based on your free disk space (50% of available space) and has a maximum limit of 25 GB. If you reach this limit, Box Drive begins removing files, starting with those files files that have gone the longest without your accessing them. Also, if a cached file has a new version created on Box, Box Drive discards the locally cached version. Do not open data in Box Drive containing restricted data. More details: Technical Information for Box Drive Administrators

Box Edit does download the file to a cache when you are modifying a file. The cache can be cleared. See: Clear Your Box Edit Cache

Can I use FTP to access Box?

No, FTP is disabled.

Can I delete my files permanently from Box?

Individuals can delete a file or folder, and the item will be placed in the Trash. Individuals will not be able to permanently delete the items. An automated process is in place to remove data older than 90 days. Once the item is purged, it can't be recovered using the built in Box tools.

What are the recommended permission levels?

Recommended permission levels
Role Permission Level
Project Team member who needs full control Editor
Project Team members who just needs to work within Box Viewer Uploader
Project Team member who needs Read/Download access Viewer
Partner who needs Read access Previewer
Partner who need to upload data Uploader

How do I host sensitive or restricted data in Box?

Storage of restricted data in Box is subject to review from Purdue's IT Security and Policy group (ITSP). Access may also require approval from campus offices and committees responsible for contractual compliance and research regulatory affairs.

Purdue’s managed Box environment can be used to store, de-identified data and limited data sets in scope of HIPAA for research. Fully identified data is subject to a security review and approval process.

All restricted data must be stored in a REED Folder. Do not use Box for an actual medical practice.

See the data map below for more details:

HIPAA data map

Helpful?

Thanks for letting us know.

Please don’t include any personal information in your comment. Maximum character limit is 250.
Characters left: 250
Thanks for your feedback.