Modernizing Medicine has a Business Associate Agreement (BAA) with Google; per this BAA, EPHI is ONLY allowed in a subset of Google services. Please store/share EPHI in G Suite only as described below. Any employee found in violation of this policy may be subject to disciplinary action.
G Suite applications where you can store/share EPHI
*Gmail (including Inbox by Gmail), Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms), Google Keep, Google Sites, Google Hangouts (chat messaging feature only), Google Hangouts Meet
*Sending EPHI in Gmail is ONLY allowed thru Encrypt and Share (see below). Do not send EPHI thru Gmail w/out Encrypt and Share.
G Suite applications where you must not store/share EPHI
Google Groups, Google Contacts, Google+, YouTube, Blogger, Google Photos
We are not allowed to store/share EPHI anywhere else in G Suite, including new applications that Google may push out.
Encrypt and Share (kudos to Guillermo!)
is a Mac only application available in MSC that uses Google Drive to make sharing EPHI easy, fast and secure. Here is how to use it
Option 1: Watch https://drive.google.com/a/modernizingmedicine.com/file/d/0B0fodgAPA9wINkEtQUxBNldfdXM, a 4-minute video.
Option 2: Read the steps below
1) Launch MSC, then search for and install Encrypt and Share.
2) Open Encrypt and Share from the Applications folder in Finder. Once it is open, you can keep it in the Dock for easy access.
3) In Encrypt and Share, select the file or folder you'd like to share, enter the email address of the person you'd like to share with, and click on the Encrypt and Share button.
At this point the application will encrypt the file, upload it to Google Drive, share it from Google Drive, show you the link in Google Drive to the file, and show you the encryption password to open the file.
4) Now click on Done and close the app. Voila!
You can share the password for the file over a face to face Google Meet meeting. If you must use email, please have the customer email you first from the email address to which you'll be sending the password; then email the password in an empty email. This is, call the recipient so that she is expecting the email, then send the email w/ nothing else on it but the password.
As always, please reach out to Corp IT if you have any concerns about the app. Thank you!