If you are a business that deals with protected health information (PHI) in any way, shape or form, you are likely required to sign a HIPAA business associate agreement (BAA) with any third-party vendors who also handle your PHI. These vendors, or business associates, must comply with the same security and privacy regulations as you, as a covered entity under HIPAA.
One of the most commonly used tools for businesses is Google`s G Suite, which includes popular applications such as Gmail, Google Drive and Google Docs. However, as with any third-party vendor, it is essential to ensure that Google is willing to enter into a HIPAA BAA with your business before you begin using their services to handle PHI.
Google has made it clear that they are willing to sign a HIPAA BAA with businesses who use G Suite to handle PHI. This agreement outlines the obligations of both Google and your business with regard to the handling and protection of PHI.
To initiate the process of entering into a BAA with Google, your business must have a G Suite account and enable the appropriate security features. Once this is done, you can complete the BAA request form on the Google Cloud website, providing your company`s information and signing the agreement, which is pre-populated with Google`s obligations under HIPAA.
It is important to note that not all Google services are covered under the HIPAA BAA. For example, Google Hangouts, Google Meet, and Google Voice are currently not included in the agreement, so they should not be used for communicating PHI.
In addition, it is important to understand that the HIPAA BAA only covers Google`s handling of PHI that is stored or transmitted through G Suite. Your business is still responsible for ensuring that your own processes and procedures comply with HIPAA regulations, such as properly securing PHI on your own servers and devices.
Overall, if your business is looking to use Google G Suite to handle PHI, it is essential to have a signed HIPAA BAA in place. With Google`s willingness to enter into these agreements, it can be a reliable and convenient solution for businesses who need to handle PHI regularly.