Does Google Drive enable HIPAA compliance?

Google is one of the biggest companies in the world, receiving about 63,000 searches per second on any given day. But search is just one of Google’s numerous products, many of which are free for personal use. It’s hard to find people who don’t use Google software daily.

Google’s popularity makes it an appealing option for healthcare providers. They have the opportunity to use a familiar app, which gives users a low barrier to entry. The tricky part is that healthcare providers have to consider the privacy and security features of any technology that will access electronic protected health information (ePHI). Does Google Drive offer HIPAA compliance features?

To securely collect medical data, files, and payments online and send them to Google Drive automatically, Jotform offers HIPAA-friendly online forms and a free Google Drive integration.

HIPAA-related software is only as good as your internal security practices

Imagine your team has just purchased new form software to help you handle data in a HIPAA-friendly manner, but after entering a new patient’s information, the administrator walks away from the computer without logging off. Such bad practices have put your organization at risk for a HIPAA violation.

That example illustrates how a lack of training can put an organization at risk. Organizations that want to keep their data safe and avoid legal repercussions need to ensure both their technology and employee practices are HIPAA-friendly. You can read more about tips to help make your organization HIPAA friendly here.

What if your security practices are solid? What do you have to do to use Google Drive while staying in line with HIPAA compliance necessities?

Keeping PHI secure while using Google Drive

Apart from ensuring that your organization is practicing HIPAA-friendly procedures, follow a few steps to help you use Google Drive in a HIPAA-friendly way. Google provides such information, but we’ll break it down here too.

1. Enter a business associate agreement (BAA). Entering into a BAA with Google is a good idea if you will be sharing PHI through Google Drive. Google mentions that this agreement doesn’t allow HIPAA-friendly usage of all of their services but does include services like Google Drive, Gmail, and Google Calendar. 
2. Turn off file sharing. With Google Drive, admins have control over how employees can share documents. They can restrict the ability to share files outside of the domain and set the default visibility to private. Admins can control file sharing at an organizational level, all the way down to the folder level. This helps admins ensure the wrong people can’t access files. 
3. Beware of third-party plug-ins. Third-party plug-ins can pose additional security risks, so Google recommends that admins consider disabling them. If you need a plug-in, discuss entering into a BAA with that organization to comply with HIPAA. 
4. Regularly review how employees share information. Just because everyone buys into being secure doesn’t mean employees will be perfect. Google allows admins to run file exposure reports to learn how employees are sharing files. Admins can then see if people are unintentionally doing things that aren’t secure and provide the necessary training. 

If you do your homework and prepare your organization to use Google Drive, it can be an excellent tool for managing PHI. But whatever tool you use, it’s only as safe as the people using it. 

Using digital tools securely in an increasingly online world

With so many people using the web for research, communication, and shopping, technology will only become more prevalent. Instead of becoming entrenched in the current way of doing things, business leaders must embrace technology and prepare their organizations to do the same.

Leaders who do this will provide a better customer experience and lead their industry. By taking security seriously, you’ll show patients that you’re an ethical provider they can trust.