Select Page

Google Drive, iCloud and HIPAA

Exit forum ID Forum Discussion Google Drive, iCloud and HIPAA

This topic contains 4 replies, has 1 voice, and was last updated by   Keith Puri, DC March 1, 2019 at 11:03 am.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #4670

    Matthew Ellerbrock

      I recently had an IT guy email me his MRI results and he was adamant that I NOT save any images to google drive as he didn’t trust the security.

      That started a dialogue with him and then HIPAA came up so I checked if google drive was in fact, HIPAA compliant. I do transfer a lot of patient images, reports etc over via google drive, and I am sure a lot of ID providers do as well.

      I am not sure if anyone has even been sued for a HIPAA violation, but thought it was worth sharing the actual answer to if Google Drive is HIPAA compliant, found here on this link: (short answer is ‘yes’ if you pay for Google Suite and follow the rules of use).

      Is Google Drive HIPAA Compliant?

      What’s worse is iCloud…
      Is iCloud HIPAA Compliant?

      It doesn’t matter what security controls are in place to ensure ePHI cannot be accessed by unauthorized individuals. If a communications channel is not covered by the conduit exception rule and the service provider will not enter into a contract with a HIPAA covered entity in the form of a business associate agreement, the service cannot be used with any ePHI. So, is iCloud HIPAA compliant? Until such point that Apple decides to sign a BAA, iCloud is not a HIPAA compliant cloud service and should not be used by healthcare organizations for sharing, storing, or transmitting ePHI.

      Since I am 45 years old (my first office had someone typing HCFA on a typewriter)…. I am generally feeling that one of the younger, more techy ID providers have discovered how to successfully store data in a ‘cloud’ that is accessible but still HIPAA compliant.

      #4672

      Eric Lambert, DC
      Participant

        I found this article that might help Matt. Thanks for your investigation into it.

        Top 5 HIPAA-Compliant Cloud Storage Services

        I feel like this is something that Bill should address as well with ID providers, as we all take photos and store them in accordance to doing ID correctly. Even the photos and documents in keynote get uploaded to the icloud now. So if there is something that others are using that is working really well, please share it with us older guys. 😉

        #4673

        William Brady, DC
        Participant

          I think those provided links are great. Thank you.

          The individual provider is responsible for compliance with applicable laws, as the rules (laws) and services (software options) are constantly changing.

          ID is in the business of training programs in clinical excellence. With the current ID recommendations notes are done on paper and pictures are taken with a camera or mobile device. If that stays on your device or goes to the cloud, or which cloud, those are your choices. Looks like that article is recommending Google Business Drive and DropBox Business. I would think you can also save images/files to a local hard drive connected to your office wifi network?

          Hopefully one of our providers has a solution they have already vetted and will share that here.

          #4674

          Matthew Ellerbrock

            Eric,

            It appears you have to stop the iCloud backup that most likely happens automatically from your Keynote App. Not too tough, but has to happen if you want to make sure your compliant.

            My IT guy thinks a local hard drive is a great option, (but can be pricey), but not as accessible as Dropbox business (about $12/month). So it looks like Dropbox Business was the choice to do for me anyways, I just have to figure out how to get a BAA signed from them.

            #4675

            Keith Puri, DC
            Participant

              A patient of mine who is also an attorney uses and recommends Egnyte for file storage and sharing. I have not looked into it too much but it appears to be compliant for healthcare needs. It costs a little more than Dropbox per month but Egnyte markets the following reasons to switch.

              The ease-of-use of Dropbox, without security and privacy risks
              Control and visibility over users, data and devices
              Secure shared folders with granular access permissions

              https://www.egnyte.com/industries/healthcare-life-sciences-file-

              sharing.htmlhttps://www.egnyte.com/corp/plans_pricing.html

            Viewing 5 posts - 1 through 5 (of 5 total)

            You must be logged in to reply to this topic.