Google has made special efforts to accommodate clients working in healthcare by creating a HIPAA Business Associate Agreement (BAA) that helps clients stay compliant when using and storing information on their cloud service. Clients must sign this BAA if they wish to use Google Apps to handle PHI, it describes which Google applications can be used to handle PHI. Google's Compliance Guide indicates that not all Google programs can be used for PHI, but only a subset of offered programs.
Healthcare Companies using Google Apps who are concerned with HIPAA compliance should take advantage of the Admin console's features. These features help to manage security risks and keep track of who is accessing or has access to PHI. The Admin console generates logs and reports that can be configured to provide notifications of events like suspicious login attempts or activity from a suspended user.
A brief overview of how "Included Functionality" Google Apps remain compliant:
Controls in Gmail make it so that information sent is only seen by the sender and the recipient. If files are attached to an email, the sender can specify that the attachments only be seen by the listed recipient.
Link sharing settings in Google Drive can be turned off so that files can only be seen by specified individuals. File visibility can be set to "Private" in Google Apps for Healthcare Companies so that files can not be seen by other users.
When Google Calendar is used in Google Apps for Healthcare Companies, sharing options can be set to "No sharing" so that employees working with PHI do not inadvertently send private information about scheduled appointments or patient data.
Share settings can be set to "Private" so that sensitive information is not accidentally accessed or given out.
Download the HiPPA Compliance Guide for Google Apps and other resources for Healthcare companies in the Showcase.
If your Healthcare company has questions about HIPPA complaince or wants to start using Google Apps, contact us or send us your question down below.