Skip to main content

How do I host sensitive or restricted data in Box?

Storage of restricted data in Box is subject to review from Purdue's IT Security and Policy group (ITSP). Access may also require approval from campus offices and committees responsible for contractual compliance and research regulatory affairs.

Purdue’s managed Box environment can be used to store, de-identified data and limited data sets in scope of HIPAA for research. Fully identified data is subject to a security review and approval process.

All restricted data must be stored in a REED Folder. Do not use Box for an actual medical practice.

See the data map below for more details:

HIPAA data map


Thanks for letting us know.

Please don't include any personal information in your comment. Maximum character limit is 250.
Characters left: 250
Thanks for your feedback.