HIPAA Compliance & Cloud Services
If you use any service like iCloud, OneDrive, Google Drive, Dropbox, or even Google Docs, you’re already using cloud services. Cloud services are often used for data storage or backups. Providers have made these services so easy to use that you may even use them in your business environment. If so, you need to ask your provider if your cloud services are HIPAA compliant.
HIPAA Compliance 360
If you’re one of those people who skip to the last page of the book, Pit Crew can help your business with HIPAA compliance. Our HIPAA Compliance 360 service covers all aspects of technical and administrative patient data privacy. We make sure that you’re HIPAA compliant so you don’t have to.
Are Your Cloud Services HIPAA Compliant?
Before giving serious consideration to any cloud service, you must ask if the service is HIPAA compliant. Often, cloud services can be offered in a way that meets HIPAA compliance requirements, but the provider may disable some features. For example, Google offers a variety of features via cloud services, but only some of them are HIPAA compliant.
Get a Business Associate Agreement
The key to finding out which services and features you can use is to request a HIPAA Business Associate Agreement. The cloud provider, as the Business Associate, should be able to provide this agreement to you along with information about any limitations that might exist.
HIPAA Compliance for Gmail and G Suite for Business
As an example, Google offers a Business Associate Agreement for its G Suite services (formerly Google Apps). You can use most services, except for Google+, Google Groups, or Google Contacts. For the permitted services, remaining HIPAA compliant while using them gets a little tricky.
Emails sent through Gmail that include any files must be set to only share those files with the intended recipient. Files stored on Google Drive require certain permissions to be set. Google Calendar has to be set to only share free/busy information (not event details).
Google has published a lengthy document detailing how to use their services. If you use G Suite already, read more here.
Make Sure Your Business is Compliant
The example above provides details for just one company’s cloud services offering. The more services you use, the more complicated things become. Consequently, it’s easy to be overwhelmed if you happen to be your company’s HIPAA Compliance Officer.
Pit Crew IT Services has not only gone through third-party HIPAA certification, but we passed the certification process with one of the best scores the certification company had ever seen. Our HIPAA Compliance 360 service takes about 70% of the load off your plate. Start making your life easier today with our completely free business consultation.