Box: When Should I Use Box?

Box and Sensitive Data

Box is a secure data storage and sharing tool that is the primary secure sharing tool for the University of Minnesota. Box meets requirements for storing and sharing electronic Protected Health Information (ePHI) under HIPAA, which may replace your current secure storage drives. 

If you are working with legally protected data that have specific contractual requirements such as FISMA, Box Secure Storage may not be the correct solution for your situation. Contact Technology Help so we can consult with you and make sure Box Secure Storage meets your needs.

When Should I Use Box? 

You may need to use Box if you need to store or share:

  • ePHI or related data
  • identified or sensitive human subjects research data
  • restricted research data that require encryption
  • data that contain links between participant identities and the random codes used in a de-identified dataset
  • other sensitive information or materials

If your data is currently on HST managed servers and:

  • Each individual file is less than 15 GB †' Use Box
  • Individual files are greater than 15 GB †' Continue using HST servers 

Who Can Use Box? 

Our Box instance is available to all active students, staff, faculty, and sponsored accounts at the University of Minnesota.

Departmental accounts are not supported because login details are often shared across multiple individuals. Instead, we encourage departments to set up folders with a designated individual as the folder owner. Contact Technology Help for a consultation if you think you need a departmental account solution.

You will be able to share and collaborate with external entities while retaining our security settings on any folder created in a University owned Box Secure Storage Account.

Storage Tools by Security Level

The tables below illustrates what tools are appropriate for different security levels. 

AHC Storage





AHC Storage

UMN Box Secure Storage

Encrypted local drive or container

Home/Shared Drives (

Google Drive

CLA Unix storage

MSI storage

✔   ✔



 ❌  ✔

Non-UMN Tools (e.g., Dropbox, personal Google accounts)

 ❌  ❌  ✔


 High Medium Low
  • Most Private Highly Restricted data*
  • Protected Health Information (PHI)
  • Personally Identifiable Information (PII)
  • Sensitive Research Data
  • Most Private Restricted data
  • De-identified Research data
  • Student data (FERPA) 
  • Most Public data

Don't know what security level is right for your research data? 

Use our guides to determine the correct security level for your research data.

Read the University's Policy on Data Security Classification

* Does not include PCI/Credit Card data and some FISMA data may require a consultation to determine if Box is right for you.


Last modified