Chat with us, powered by LiveChat

Google – A HIPAA Compliant Business Associate?

google logo

Last month, Google announced that they will sign a HIPAA Business associate agreement (BAA) with organizations who are using their Google Apps services: Gmail, Calendar, Drive, and Google Apps Vault.

HIPAA (Health Insurance Portability and Accountability Act) is a set of laws requiring secure access to identifiable healthcare information. All organizations must comply in protecting specific information including name, address, health information and payment records (referred to as “protected health information” or PHI).

The BAA is required when two or more entities share PHI in order to outline the responsibilities between the parties as to the security of the information as well as outline accountability in case of a breach.

To sign up for the BAA with Google, an administrator must answer the following three questions online:

  1. Are you a Covered Entity (or Business Associate of a Covered Entity) under HIPAA?
  2. Will you be using Google Apps in connection with Personal Health Information?
  3. Are you authorized to request and agree to a Business Associate Agreement with Google for your Google Apps domain?

After responding, the administrator will be taken to the BAA for review and signature.

If your organization is looking for email, calendar, and document storage that is HIPAA compliant, Google is a great place to start.