Step-by-Step: Establishing a BAA with Google for HIPAA
Summary: To use Google Workspace with Protected Health Information (PHI), you must enter into a Business Associate Agreement (BAA) with Google. As of 2026, this process is handled digitally within the Google Admin Console. However, a signed BAA is only the first step;...
Is OneDrive HIPAA Compliant? Your Guide to Secure File Storage
At a Glance: OneDrive & HIPAA Compliance Is it compliant? Not by default. OneDrive requires an Enterprise-level subscription, a signed Business Associate Agreement (BAA), and specific security configurations to meet U.S. federal standards. 3 Key Requirements: Legal:...
The Shield of System Hardening: Why Your ePHI Needs a Defense-in-Depth Strategy
In the modern cybersecurity landscape, a simple firewall is no longer a sufficient barrier against sophisticated threats. As highlighted in the January 2026 OCR Cybersecurity Newsletter, system hardening has become an essential process for shrinking your “attack...
Preparing for the February 16, 2026 42 CFR Part 2 (SUD) Deadline
For years, 42 CFR Part 2 has operated as a separate, more stringent set of rules than HIPAA. However, following the CARES Act, the HHS has issued a Final Rule to bring these two frameworks into closer alignment. The compliance deadline is February 16, 2026. It is...