For Google Drive to be HIPAA compliant, the following must be implemented:
- Secure a Google BAA
- Implement access controls
- Enable 2-factor authentication
- Turn off link sharing and file syncing
- Sharing files outside the domain must be restricted
- Use unique passwords
- Set document visibility to private
- Disable offline storage, third-party apps, and add-ons
- Regularly audit account logs, access, and shared file reports
- Ensure that the ‘manage alerts’ setting is turned on to notify administrators of changes to settings
- Google Drive data must be backed up
- Train staff on how to use G Suite in a HIPAA-compliant manner
- DO NOT put PHI in the title of a file
Source: https://compliancy-group.com/is-google-drive-hipaa-compliant/
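
The sharing items in the checklist (link sharing off, no sharing outside the domain, private visibility, no PHI in titles) can be checked against file metadata as part of the regular audit. The following is an added example, not taken from the source article: it runs over constructed records shaped like Drive API v3 file resources with their `permissions` lists, and the domain `clinic.example`, the sample files and the PHI title patterns are assumptions.

```python
import re

DOMAIN = "clinic.example"  # assumption: the organization's own domain

# Assumption: simple hints that a title may contain PHI (SSN-like, date, MRN).
PHI_TITLE_HINTS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"),
    re.compile(r"\bMRN\s*#?\s*\d+", re.IGNORECASE),
]

def audit_file(f, domain=DOMAIN):
    """Return the sorted checklist findings for one file's metadata."""
    findings = set()
    for p in f.get("permissions", []):
        ptype = p.get("type")
        if ptype == "anyone":
            findings.add("link-sharing")          # anyone with the link
        elif ptype == "domain":
            if p.get("domain", "").lower() == domain:
                findings.add("not-private")       # visible to the whole domain
            else:
                findings.add("external-sharing")
        elif ptype in ("user", "group"):
            # A missing address is treated as external (conservative choice).
            addr = p.get("emailAddress", "").lower()
            if not addr.endswith("@" + domain):
                findings.add("external-sharing")
    if any(rx.search(f.get("name", "")) for rx in PHI_TITLE_HINTS):
        findings.add("phi-in-title")
    return sorted(findings)

def audit(files, domain=DOMAIN):
    """Map file id -> findings, listing only files that have findings."""
    report = {}
    for f in files:
        found = audit_file(f, domain)
        if found:
            report[f["id"]] = found
    return report

# Constructed sample metadata (not real files or people).
OWNER = {"type": "user", "role": "owner", "emailAddress": "alice@clinic.example"}
SAMPLE_FILES = [
    {"id": "f1", "name": "Intake template", "permissions": [OWNER]},
    {"id": "f2", "name": "Lab results John Doe 04/12/1961",
     "permissions": [OWNER, {"type": "anyone", "role": "reader"}]},
    {"id": "f3", "name": "Billing export", "permissions": [
        OWNER, {"type": "user", "role": "writer", "emailAddress": "bob@partner.example"}]},
    {"id": "f4", "name": "Staff handbook", "permissions": [
        OWNER, {"type": "domain", "role": "reader", "domain": "clinic.example"}]},
]
```

Calling `audit(SAMPLE_FILES)` returns only the files that break a checklist item, keyed by file id.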