Yes and no. Simply signing up for and using Google Drive does not a HIPAA-compliant approach to cloud storage make. There are three things to keep in mind: Business Associate Agreements, audit trails, and file synchronization.
According to Google’s own HIPAA compliance guidelines, businesses that want to store PHI on Google Drive in a HIPAA-compliant way need to sign a Business Associate Agreement (BAA) with Google. The good news is that Google offers BAAs for paid users of its Google Apps platform. Specifically, the BAA covers Gmail, Google Calendar, Google Drive, and Google Apps Vault. The big caveat, though, is that it’s incumbent on the health care organization itself to configure those services to be HIPAA compliant. The BAA also requires that you disable all additional services in the Admin console.
The Google Apps Admin console provides reports that give admins important control over a team’s data. Admins can set file-sharing permissions so that people only have access to sensitive protected health information on a need-to-know basis, and they can also prevent employees from sharing information outside their domain.