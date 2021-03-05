



Apple will not sign the BAA, even after a flood of news about what Apple offers to its healthcare sector.

A version of this article was first published on March 4, 2021 by Revenue Cycle Advisor of HCPro, a brother publication of Health Leaders.

Q: What are the encryption requirements when using Google Drive, Dropbox, or other information storage applications? How do you guarantee HIPAA compliance when using them?

A: The required level of encryption is described in National Institute of Standards and Technology (NIST) Special Publication 800-175B, Revision 1.

There are different standards for data transmission and data at rest encryption. In most cases, vendors such as Google, Dropbox, and Box go through the rally at NIST.

This means that the safe harbor of the HIPAA violation notification rule is met. However, this applies to the business version of these platforms (not necessarily the consumer version), and you must obtain a signed Business Associate Agreement (BAA) from the vendor of your choice.

If you use these vendors, we recommend that you ask them to complete a security survey each year or submit a report, such as a SOC 2 Type II report.

This allows you to determine for yourself whether the vendor continues to provide the security you need for your data, indicating that you are performing due diligence.

The exception to these platforms is iCloud. Apple will not sign the BAA, even after a flood of news about what Apple offers to its healthcare sector.

Not wanting to sign a BAA means that even if iCloud is secure (and it is), iCloud cannot be used to store protected health information (PHI).

Editor’s Note: Chris Apgar of CISSP is President of Apgar & Associates LLC in Portland, Oregon. He is also a member of the BO Heditorial Advisory Board. This information does not constitute legal advice. Talk to your lawyer for answers to specific privacy and security questions. The opinions expressed are those of the author and do not represent HC Pro or ACDIS.

Revenue Cycle Advisor integrates all of HCPro’s Medicare regulatory and reimbursement resources into one convenient and accessible portal. News is not just repeated from other sources. Analyzed by Medicare professionals, they can fully understand new rules and regulatory updates. learn more.

Photo by: Sankt-St. Petersburg, Russia, April 27, 2018: Google Drive application icon on Apple iPhone X screen close-up. Google Drive icon. Google Drive application. Social Media Network / Editing Credits: BigTunaOnline / Shutterstock.com

