HIPAA Compliance Checker

Most popular search results

Gmail


The free version of Gmail that most people use isn’t HIPAA compliant, but Google’s G Suite can enable HIPAA compliance. G Suite includes Gmail, Google Calendar, and Google Drive, just like the free version, but it also includes security features that, once properly configured, can enable HIPAA compliance.

Gmail is the most widely used email service around, with 1.8 billion users worldwide. The ubiquity and familiarity of Gmail make it an appealing option for healthcare companies.

HIPAA sets strict standards for protecting patient confidentiality and health information. Sending HIPAA-friendly emails requires training staff to use technological safeguards. Your email provider may follow HIPAA regulations, but that doesn’t automatically make your emails secure. Every employee must understand how HIPAA applies to their email. Training in everything from encrypting sensitive emails to ensuring they’re sent to authorized recipients can help.

Healthcare workers are sometimes targeted by phishing and other email attacks. Recent breaches have compromised sensitive personal data, such as Social Security numbers and financial account information, as well as the PHI of hundreds of patients. Continuous training improves the chances that your employees won’t fall prey to phishing scams.

Your business needs a straightforward, step-by-step process to help staff comply with both applicable laws, which can include HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act, among others. Now that we’ve considered the importance of strong training and policies, it’s time to take a look at the technical side of things.

If you’re a covered entity, or a business associate of a covered entity, you should have a signed business associate agreement (BAA) with every third party that could access the PHI in your custody. Using an email provider is no different. A BAA ensures that your business associate understands how they can use PHI and what security measures are required.

The fundamental risk of transmitting PHI via email is that unauthorized people could gain access to that data. Email services that enable HIPAA compliance should have strong security features or allow third-party plug-ins that provide the needed security.

Access must be restricted to only those who need the information. Never print emails that contain PHI. These emails should be visible only to the sender and the recipient. Using end-to-end encryption and access controls ensures that ePHI doesn’t fall into the wrong hands.
Salesforce


The Salesforce platform can be set up to meet HIPAA compliance standards through certain features that help keep protected health information (PHI) secure in the cloud. Salesforce includes administrative, physical, technical, organizational, and documentation safeguards to protect PHI.

Customers can use customer-controlled security features through Salesforce Covered Services. Additionally, Salesforce has security safeguards such as data encryption in transit, ongoing monitoring for security violations, and audit logging to identify changes in activity. Customer administrators can use configurable tools to define permission sets that govern the visibility of data, maintain strict password security, monitor field-level history, set security rules to manage data access, and define a company-wide sharing model and role hierarchy.

In addition to permission sets, customers can define user profiles to limit data record access to authorized employees.

It’s a good idea to use the premium set of Salesforce features known as “Salesforce Shield.” These features provide extra monitoring, encryption, and auditing. You might need to enable other features or additional services to ensure the protection of PHI when information is in transit.

If you’re planning to use Salesforce for patient information, reach out to your account representative for a signed Business Associate Agreement (BAA). The account representative can also advise you on specific features and settings for HIPAA compliance.

Google Sheets

Google Sheets has stated that it enables HIPAA compliance. Google Sheets also offers a range of security features including access controls, auditing, and encryption.

Google Sheets is part of Google Workspace, which uses high-level encryption to protect patient health information (PHI). While Google Sheets offers HIPAA-friendly security features, covered entities are responsible for maintaining the right security settings. Your healthcare organization must configure Google Sheets to enable HIPAA compliance.

Admin console logs and reports are an important part of HIPAA security for Google Sheets and all other apps in Google Workspace. Use these tools to monitor user collaboration, examine security risks, track sign-ins, and analyze activity. Administrators can set alerts for activities like suspicious login attempts, suspending users, activating a suspended user, adding a new user, changing a password, and granting or revoking admin privileges.

In Google Sheets, administrators set visibility and access permissions for both files and folders. These settings also manage the sharing and editing capabilities of collaborators.

When using Google Apps, administrators can separate user access for team members who manage PHI. This feature allows an administrator to activate or deactivate specific services for users. For example, since Google+ and YouTube don’t enable HIPAA compliance, administrators should turn off these apps. Also, consider disabling third-party applications and add-ons from third-party developers.