Yes, Google Drive is HIPAA compliant because Google will sign a Business Associate Agreement (BAA). It also offers access control, allowing only authorized personnel to access ePHI, as well as activity logs and audit controls to record any attempts to access ePHI.
Google Drive is part of G Suite, which has TLS (Transport Layer Security) encryption to protect PHI. To adhere to HIPAA-compliant procedures, Google Drive users will need to sign a BAA and disable file sharing and syncing. The BAA does not apply to third-party apps that connect with G Suite, so an additional BAA from the provider of each such app is required to meet HIPAA compliance standards.
Google will sign a BAA with healthcare companies that use G Suite, but not until all security protocols are in place. Using G Suite to transmit or store PHI before you have the BAA is a HIPAA violation.
Healthcare companies have embraced G Suite because of its robust security features and low cost.
Setting up a HIPAA-compliant Gmail account
Simply purchasing G Suite doesn’t make your email HIPAA compliant. To use Gmail, even with G Suite, you must configure your account correctly. Here are the steps to ensure Gmail is HIPAA compliant:
Disclaimer:
Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.