Q: What are the encryption requirements when using Google Drive™, Dropbox®, or other information-storing applications? How do we ensure HIPAA compliance when using them?

A: You can find the required level of encryption in the National Institute of Standards and Technology (NIST) Special Publication 800-175B, Revision 1. There are different standards for data transmission versus encryption of data at rest. For the most part, vendors such as Google, Dropbox, Box®, and others would pass muster with NIST. This means the HIPAA Breach Notification Rule safe harbor is met. However, this is true for the business versions of these platforms (not necessarily the consumer versions), and you will still need to obtain a signed business associate agreement (BAA) from your vendor of choice.

If you use these vendors, it is a good idea to either ask them to complete a security questionnaire annually or submit a report such as a SOC 2 Type II report. This lets you determine for yourself whether a vendor is continuing to provide the necessary security for your data, and it indicates you are exercising due diligence.

The exception for these platforms is iCloud®. Apple will not sign a BAA even after the flurry of news around what Apple offers to the healthcare sector. The unwillingness to sign a BAA means even if the security of iCloud is solid (which it is), you cannot use iCloud to store protected health information (PHI).

Google Drive offers more free storage space than Dropbox, and you can pay for additional storage; the maximums are 3TB for Dropbox and 30TB for Google Drive. Google Drive and Dropbox both do a great job in terms of security. They provide two-factor authentication and keep your data encrypted while it is being transmitted. However, Dropbox does a bit more by using AES 256-bit encryption, while Google uses 128-bit encryption for stored data.

Editor’s note: Chris Apgar, CISSP, is president of Apgar & Associates LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.