Is Google Drive Safe For My Client Files?
Is Google Drive safe? Is Google HIPAA compliant? Well, the answer is yes and no.
As I started to use Google forms and documents more often for data keeping, attendance, reports, progress notes, invoices, you name it, I started wondering: Is Google Drive HIPAA compliant? Is my clients' sensitive information safe?
What's HIPAA anyway?
First off, let's cover: what is HIPAA?
Briefly, HIPAA (The Health Insurance Portability and Accountability Act) makes sure we (medical professionals) keep all of our patients’ sensitive data private.
This is a huge deal and we should all take this very seriously!
Is Google Drive HIPAA Compliant?
No! Regular Gmail and all Google Apps associated with your REGULAR Google account are not HIPAA compliant.
From what I gather, the main reason for this answer has to do with the advertising in Gmail and security with some of the apps. Again, there is more to it but for our purposes, you just need to know that it is not HIPAA compliant.
However, don't lose all hope yet. There are options for those Google lovers out there.
Options For HIPAA Compliant Google
G Suite is a paid option from Google that allows you to use Gmail and almost all of Google's apps (I'll get to that in a second) for record keeping, etc.
G Suite is a Google business account that costs $6 per month. It uses your own domain (website) for your email address.
For all that it offers, it is quite a bargain!
Some Tips On Using G Suite
For those who want to try G Suite, there is a 2-week free trial. I would try it if you are on the fence! I am not an affiliate, so this is truly just my honest opinion.
If you do try it, you must sign their BAA to complete your HIPAA compliance. It is quick and easy to do.
Once all those steps are completed (setting up an account and signing a BAA), you are ready to go.
However, there are some Google apps that can and can't be used.
You can use:
- Drive (including Docs, Sheets, Slides, and Forms)
- Hangouts (chat messaging feature only)
- Hangouts Meet
- Google Cloud Search
You CAN'T use or store any PHI in:
G Suite is an email, word processing, and data storage option that is HIPAA compliant (if you follow their instructions).
The benefits are:
- Cloud storage
- Google apps
- Google storage for client files
- Multiple users (for private practice)