HIPAA Compliance with Google Apps Just Got Easier

One of the challenges using any IT service are external requirements for data use and privacy.  Among the most restrictive are those imposed by the Healthcare Insurance Portability and Accountability Act (HIPAA).  HIPAA regulations intend to ensure data is private and protected from accidental or intentional breach, and is only shared as needed to ensure appropriate medical care.

One aspect of HIPAA requires entities to execute a Business Associate Agreement (BAA) with any organization with which Protected Health Information (PHI) is shared.  Sharing not only includes data provided to other medical professionals, sharing includes data stored on systems or managed by services.  The BAA defines each party’s roles and responsibilities with respect to data protection and privacy, and accountability in the event of any inappropriate breech or release.

For organizations using Google Apps for Business, Education, or Government, documenting HIPAA compliance just became easier.

Google Apps administrators may now complete and execute a BAA with Google covering key services in Google Apps, specifically:

• Gmail
• Calendar
• Drive
• Google Apps Vault
  

The BAA does not cover other services within Google Apps, nor does it cover third-party or marketplace applications.  As such, signing the BAA and implementing Google Apps as part of a HIPAA compliant infrastructure still requires planning, policies and procedures, and an examination of other systems and applications.

Contact us to learn more.