HIPAA Compliant Spreadsheets

Spreadsheets are a great way to store and organize important medical data in one easily-accessible place — but just how secure are they? To keep sensitive patient data safe, see which popular online spreadsheet apps offer HIPAA compliance with our free HIPAA compliance checker. JotForm makes it easy to collect important medical data, files, and payments via custom online forms and instantly sync them to your spreadsheets. You’ll never have to manually transfer data between accounts again, saving time better spent saving lives.

Listing 3 Results for “Spreadsheets

Google Sheets

Google Sheets

Google Sheets is part of G Suite, which uses high-level encryption to protect patient health information (PHI). Google doesn’t access the PHI in Google Sheets but still needs to sign a BAA since this data is stored on Google servers. Google will sign an agreement with businesses that use G Suite services such as Google Sheets, Google Docs, Google Slides, Google Drive, and Google Forms.While Google Sheets offers HIPAA-compliant security features, covered entities are responsible for maintaining the right security settings. Your healthcare organization must configure Google Sheets to be HIPAA compliant.Admin console logs and reports are an important part of HIPAA-compliant security for Google Sheets and all other apps in G Suite. Use these tools to monitor user collaboration, examine security risks, track sign-ins, and analyze activity. Administrators can set alerts for activities like suspicious login attempts, suspending users, activating a suspended user, adding a new user, changing a password, and granting or revoking admin privileges.In Google Sheets, administrators set visibility and access permissions for both files and folders. These settings also manage the sharing and editing capabilities of collaborators.When using Google Apps, administrators can separate user access for team members who manage PHI. This feature allows an administrator to activate or deactivate specific services for users. For example, since Google+ and YouTube aren’t HIPAA compliant, administrators should turn off these apps. Also, consider disabling third-party applications and add-ons from third-party developers.
Smartsheet

Smartsheet

Smartsheet enables covered entities to store, access, and share protected health information (PHI). Its security and privacy services meet or exceed HIPAA’s regulatory requirements for protecting health data.Customers can access the Smartsheet HIPAA Implementation Guide to learn how to properly configure Smartsheet for PHI. Covered entities must adjust specific features and security controls for HIPAA compliance. Security features include user access management, user auto-provisioning, activity monitoring, and sharing-control management.Physical, administrative, and technical protections are available through Smartsheet security configurations. External auditors verify the security processes annually. Additionally, customers can request audit reports and penetration test reports.Encryption protects data in transit and at rest. To transmit content securely, users should use the share function to send a link to a cloud-based document. Importing data and sending it through the attachment feature may put the security of PHI at risk.HIPAA compliance applies to the main Smartsheet tools only. Add-ons such as partner apps may not meet HIPAA requirements. Covered entities should evaluate the security and privacy of each add-on before using it with PHI.Smartsheet will sign a business associate agreement (BAA) for customers with an Enterprise plan. File attachments in Smartsheet are stored and managed through Amazon Web Services (AWS). In addition to signing a BAA with covered entities, Smartsheet also has a BAA in place with AWS.