Yes, Google Drive is HIPAA compliant because it will sign a Business Associate Agreement (BAA). It also offers access control, allowing only authorized personnel to access ePHI, as well as activity logs and audit controls to register any attempts to access ePHI.
Just so you know
To securely collect medical data, files, and payments online and send them to Google Drive automatically, JotForm offers HIPAA-compliant online forms and a free Google Drive integration.
Google Drive is part of G Suite, which has TLS (Transport Layer Security) encryption to protect PHI. To adhere to HIPAA-compliant procedures, Google Drive users will need to sign a BAA and disable file sharing and syncing. The BAA does not apply to third-party apps that connect with G Suite, so an additional BAA from that app provider is required to meet HIPAA compliance standards.
Google will sign a BAA with healthcare companies that use G Suite but not until all security protocols are in place. Using G Suite to transmit or store PHI before you have the BAA is a HIPAA violation.
Healthcare companies have embraced G Suite because of its robust security features and low cost.
Setting up a HIPAA-compliant Gmail account
Simply purchasing G Suite doesn’t make your email HIPAA compliant. To use Gmail, even with G Suite, you must configure your account correctly. Here are the steps to ensure Gmail is HIPAA compliant:
