Opinions expressed are those of the author and do not represent HCPro or ACDIS. Consult legal counsel for answers to specific privacy and security questions. This information does not constitute legal advice.

Once done, you will see a virtual drive appear in Windows Explorer, as well as a quick access point right in the Favorites. Note that this password will be used on the other computer you are sharing data with through Dropbox. He is also a BOH editorial advisory board member. Click OK, and type in the password used as the key to encrypt the data.

The unwillingness to sign a BAA means even if the security of iCloud is solid (which it is), you cannot use iCloud to store protected health information (PHI).

Editor's note: Chris Apgar, CISSP, is president of Apgar & Associates LLC, in Portland, Oregon.

Apple will not sign a BAA even after the flurry of news around what Apple offers to the healthcare sector. The exception for these platforms is iCloud®. This lets you determine for yourself whether a vendor is continuing to provide the necessary security for your data, and it indicates you are exercising due diligence. If you use these vendors, it is a good idea to either ask them to complete a security questionnaire annually or submit a report such as a SOC 2 Type II report. However, this is true for the business versions of these platforms (not necessarily the consumer versions), and you will still need to obtain a signed business associate agreement (BAA) from your vendor of choice. However, Dropbox does a bit more by using AES 256-bit encryption while Google uses 128-bit encryption for stored data. They provide two-factor authentication and keep your data encrypted while it is being transmitted.

This means the HIPAA Breach Notification Rule safe harbor is met. Google Drive and Dropbox both do a great job in terms of security.

For the most part, vendors such as Google, Dropbox, Box®, and others would pass muster with NIST.
There are different standards for data transmission versus encryption of data at rest.

Q: What are the encryption requirements when using Google Drive™, Dropbox®, or other information-storing applications? How do we ensure HIPAA compliance when using them?

A: You can find the required level of encryption in the National Institute of Standards and Technology (NIST) Special Publication 800-175B, Revision 1.