HIPAA Compliance with Google Vault and Jungle Disk
Many companies need to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and often find themselves unsure where to start. HIPAA compliance has many components, and we like to help where we can.
I recently had the pleasure of working with a company that needed to meet HIPAA compliance and was not aware that some of the IT services they currently used can help. The most shocking to them was Google G Suite. They are currently on the G Suite platform and were unaware that there are things you can do within the admin console to help with HIPAA compliance. This, in conjunction with Jungle Disk encrypted backups, can help in certain segments of the regulation.
To start, hosting your Google G Suite account with Jungle Disk is something I would recommend. This way you have one streamlined bill and one support team for both your Google account and Jungle Disk backups. It’s an easy process to get your existing account moved over to us. If you don’t have an account, don’t worry: we can help you get started on the platform as well.
Within the Google Admin Console, you have the option to sign a Business Associate Addendum (BAA) with Google. To find it, sign in as a super admin on your account and navigate to https://admin.google.com. From there, click on “Company Profile” and then the first option, which says “Profile.” Once you click on “Profile,” scroll down to the last option, where you should see “G Suite/Cloud Identity HIPAA Business Associate Amendment.” The blue link in the title takes you to the HIPAA Business Associate Addendum.
Once that is done, you can install the Jungle Disk software on your computer and sync your Google Drive data to your computer. Then configure the Jungle Disk software to back up the Google Drive on the schedule you prefer.
With any backup company, because of the way Google native documents work, there are some things you need to have in place to help safeguard these files. The Jungle Disk software (like any backup software) cannot restore Google native files if they have been purged from the Google Drive. They can be backed up and restored, but the restore only works if the file is still somewhere in the Google Drive. All the other file types are backed up and saved with our software, so the next step is to secure the Google native documents. By default, a deleted file is recoverable for 30 days, and that window can still be shorter than stated. When an item is purged from the trash in Google Drive, the process can be shorter than that.
To overcome this, you simply put a hold on the Google Drive data for your organization or for just the users that you need it for. Typically, though, it would be for all users. While the hold is in place, the files are kept longer than the 30 days, until you remove the hold. Creating a hold for the organization is a two-part process: 1. Create a matter 2. Create the hold.
Create a Matter
- A super admin or authorized admin goes to https://admin.google.com.
- Click on the 9 squares on the top right for your list of apps and click on “Vault” (not available with Google Basic G Suite services).
- Click the option on the left for “Matter” then the red button “Create.”
- Give the Matter a name and description then click “Create New Matter.”
Create the Hold
- Right after the above steps, you will be directed to the Hold page. Click on “Create Hold.”
- Give the Hold a name and select “Drive” as the data to hold.
- More options will then populate at the bottom, where you can click on the organization whose Drive data you want to hold.
- Click “Save.”
After you complete the above steps, you are all set! There may be some other aspects of HIPAA compliance that you need to meet but in this case you are at least better off than when you started. Jungle Disk also offers an email archiving solution that will help with HIPAA compliance too.
If you do not need to keep the data forever and want to purge it after a certain amount of time, you can do that as well by using a retention rule instead of a hold.
I enjoyed sharing this knowledge with the customer and helping them. I hope this helps you and your business as well!