For Google Drive to be HIPAA compliant, the following must be implemented:
- Secure a Google BAA
- Implement access controls
- Enable 2-factor authentication
- Turn off link sharing and file syncing
- Sharing files outside the domain must be restricted
- Use unique passwords
- Set document visibility to private
- Disable offline storage, third-party apps, and add-ons
- Regularly audit account logs, access, and shared file reports
- Ensure that the ‘manage alerts’ setting is turned on to notify administrators of changes to settings
- Google Drive data must be backed up
- Train staff on how to use G Suite in a HIPAA-compliant manner
- DO NOT put PHI as the title of a file
Source: https://compliancy-group.com/is-google-drive-hipaa-compliant/
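One way to automate the shared-file audit from the checklist above, as an added example (not from the source article or from Google). It checks records shaped like Drive API v3 file metadata (`name`, and `permissions` entries with `type`, `emailAddress`, `domain`) for link sharing, sharing outside the domain, domain-wide visibility, and PHI-like titles. The domain `clinic.example`, the sample records and the title patterns are constructed assumptions.

```python
import re

# Assumption: the organization's own domain (placeholder value).
ORG_DOMAIN = "clinic.example"

# Assumption: simple heuristics for PHI-like file titles; tune to local identifiers.
PHI_TITLE_PATTERNS = {
    "ssn": re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"),
    "mrn": re.compile(r"\bMRN[\s:#-]*\d{5,}", re.I),
    "dob": re.compile(r"\bDOB[\s:#-]*\d{1,2}[/-]\d{1,2}[/-]\d{2,4}", re.I),
}

# Constructed sample records (not real data).
SAMPLE_FILES = [
    {"id": "f1", "name": "Staff schedule.xlsx",
     "permissions": [{"type": "user", "role": "owner", "emailAddress": "nurse@clinic.example"}]},
    {"id": "f2", "name": "Lab results MRN 0048213.pdf",
     "permissions": [{"type": "user", "role": "owner", "emailAddress": "dr@clinic.example"},
                     {"type": "anyone", "role": "reader"}]},
    {"id": "f3", "name": "Referral letter.docx",
     "permissions": [{"type": "user", "role": "writer", "emailAddress": "partner@lab.example"}]},
]

def audit_file(f, org_domain=ORG_DOMAIN):
    """Return a sorted list of checklist findings for one file record."""
    findings = set()
    for p in f.get("permissions", []):
        ptype = p.get("type")
        if ptype == "anyone":                      # link sharing is on
            findings.add("link-sharing-enabled")
        elif ptype == "domain":                    # whole-domain grant: not private
            same = p.get("domain", "").lower() == org_domain
            findings.add("visible-to-whole-domain" if same else "shared-outside-domain")
        elif ptype in ("user", "group"):
            # A missing address is treated as external (fail closed).
            addr = p.get("emailAddress", "").lower()
            if not addr.endswith("@" + org_domain):
                findings.add("shared-outside-domain")
    for label, pattern in PHI_TITLE_PATTERNS.items():
        if pattern.search(f.get("name", "")):
            findings.add("phi-like-title:" + label)
    return sorted(findings)

def audit(files, org_domain=ORG_DOMAIN):
    """Map file id -> findings, listing only files that have at least one finding."""
    return {f["id"]: r for f in files if (r := audit_file(f, org_domain))}

if __name__ == "__main__":
    print(audit(SAMPLE_FILES))
```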