HIPAA-Friendly Spreadsheets

Google Sheets has stated that it enables HIPAA compliance. Google Sheets also offers a range of security features including access controls, auditing, and encryption.Google Sheets is part of Google Workspace, which uses high-level encryption to protect patient health information (PHI). While Google Sheets offers HIPAA-friendly security features, covered entities are responsible for maintaining the right security settings. Your healthcare organization must configure Google Sheets to enable HIPAA compliance.Admin console logs and reports are an important part of HIPAA security for Google Sheets and all other apps in Google Workspace. Use these tools to monitor user collaboration, examine security risks, track sign-ins, and analyze activity. Administrators can set alerts for activities like suspicious login attempts, suspending users, activating a suspended user, adding a new user, changing a password, and granting or revoking admin privileges.In Google Sheets, administrators set visibility and access permissions for both files and folders. These settings also manage the sharing and editing capabilities of collaborators.When using Google Apps, administrators can separate user access for team members who manage PHI. This feature allows an administrator to activate or deactivate specific services for users. For example, since Google+ and YouTube don’t enable HIPAA compliance, administrators should turn off these apps. Also, consider disabling third-party applications and add-ons from third-party developers.

Smartsheet enables covered entities to store, access, and share protected health information (PHI). Its security and privacy services appear to meet or exceed HIPAA’s regulatory requirements for protecting health data.Customers can access the Smartsheet HIPAA Implementation Guide to learn how to properly configure Smartsheet for PHI. Covered entities should adjust specific features and security controls for HIPAA compliance. Security features include user access management, user auto-provisioning, activity monitoring, and sharing-control management.Physical, administrative, and technical protections are available through Smartsheet security configurations. External auditors verify the security processes annually. Additionally, customers can request audit reports and penetration test reports.Encryption protects data in transit and at rest. To transmit content securely, users should use the share function to send a link to a cloud-based document. Importing data and sending it through the attachment feature may put the security of PHI at risk.Covered entities should evaluate the security and privacy of each Smartsheet add-on before using it with PHI.File attachments in Smartsheet are stored and managed through Amazon Web Services (AWS). Smartsheet states that it has a BAA in place with AWS.

While WPS Office offers a variety of security features, including encryption, to protect customers’ data, the company hasn’t said that it has sufficient protection to meet HIPAA guidelines. Covered entities that want to use this free software for word processing, spreadsheets, or presentations shouldn’t put protected health information (PHI) in the files.If you need services that enable HIPAA compliance, choose an office suite that specializes in HIPAA solutions.