[tgokh]

My university and hospital system recently rolled out Box across the whole institution. I think the major difference is that Box is willing to sign a Business Associate Agreement and ensure compliance with HIPAA standards. My understanding is that Dropbox has been unwilling to negotiate and sign BAAs, so the service can't be used for sensitive information without huge risk. At least at our institution, we can store deidentified research data on Box, and there are options available for storing Protected Health Information as well (though it requires going through our Information Security office)