12Records
File storage, retention & HIPAA
Every company file lives in a Shared Drive owned by Good Shepherd Health — never in your personal "My Drive." This protects records, continuity, and HIPAA compliance.
Where files live
- Use Shared Drives — not My Drive — for any business document
- Follow the 10-folder hierarchy (01 Admin … 10 Archive) from the Naming SOP
- Name files with date prefix and version: 2026-06-18 Document Name v2
- Never email attachments — link to the Drive file with the right permission
- Do not download PHI to your local desktop or downloads folder
PHI & HIPAA handling
- Treat any patient name, DOB, MRN, address, or condition as PHI
- Store PHI only in approved, access-controlled Shared Drives
- Never paste PHI into Google Chat, personal email, or AI tools
- Use minimum-necessary access — share only with people who need it
- Report any accidental disclosure within 24 hours via the Incident SOP
Permission & sharing
0/4Retention & archive
0/5When in doubt, do not share
If you are unsure whether a file contains PHI, whether a recipient should have access, or whether something can leave the company, stop and ask your manager or Compliance. A delayed share is always recoverable; a wrongful disclosure is not.