Gazelle Consulting

Is Google Drive HIPAA Compliant?

Is Google Drive HIPAA Compliant?

Yes, Google Drive can be used as part of a secure HIPAA compliance program. You can store documents containing PHI on Google Drive if the proper security controls in place. In this post, we will highlight what to consider when storing critical patient information on Google Drive.

Encrypt the Documents Your Store on Google Drive

Files containing PHI stored on Google Drive should be encrypted before being uploaded. We can recommend several options that allow you to manage encryption keys in order to meet HIPAA requirements.

Manual Encryption Options

  • Good no-cost software for manually encrypting your files include VeraCrypt and DiskCryptor.
  • Pay services like AxCrypt have even more features to help you manage encrypted file access including robust key sharing features, password management, backup keys, mobile support, file wiping and more.

Encryption Key Management

  • G Suite’s Business and Enterprise editions offer the ability to deploy and monitor security keys for your organization.
  • Be wary of encrypting your PHI using any service that does not allow you to manage your own encryption keys. If there is no BAA in place with your vendor, they should not be in charge of managing your encryption keys.

Contact us if you have questions about integrating encryption software into your established procedures.

User Permission and Activity Monitoring

Before storing PHI on Google Drive, administrators must properly configure permissions to specify:

  • What directories and files can be accessed by what users
  • What files can be shared with what users
  • Which users can share files with other users

User activity and file version updates should be periodically reviewed to identify any unauthorized user access and to ensure that the file permission settings are correctly assigned.

Deciding if Google Drive is HIPAA Compliant for You

If you need guidance making security configuration decisions regarding your Google Drive or G Suite account contact Gazelle Consulting or call 503-389-5666 for a free initial consultation.

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

Popular Posts

  • How to Handle the Loss or Destruction of Medical Records

    Whether it be an delete happy IT admin, a theft, or a glitch in your system, lost health records can have an impact on your patients...

  • 2018’s Most Interesting HIPAA Violation Cases

    2018’s Most Interesting HIPAA Violation Cases

    Since the 2003, the Enforcement Act, an addendum to HIPAA that gave the OCR the right to enforce HIPAA on behalf of the HHS, we’ve seen an ever increasing number of fines and breaches.

  • Who Enforces HIPAA?

    HIPAA, which stands for the Health Insurance Portability and Accountability Act, is enforced by the Office for Civil Rights (OCR), which is an arm of the Department of Health and Human Services (HHS).

  • Stronger HIPAA enforcement

    HIPAA Consent Form – How to Obtain HIPAA Authorization

    Earlier this month, the Office for Civil Rights (OCR) announced a new plan to strengthen HIPAA enforcement in response to criticism from the Office of Inspector General (OIG). The OCR will be beefing up their compliance investigations and expanding their audit program in 2016.

  • What is the Purpose of HIPAA?

    What is the Purpose of HIPAA?

    HIPAA compliance can be confusing. Is it HIPAA or HIPPA? Do I need to be HIPAA compliant? Who enforces HIPAA? Gazelle Consulting is here to answer your questions and help you to achieve compliance quickly and painlessly!