Google will accept no responsibility for any misconfiguration of G Suite. The BAA does not mean a HIPAA covered entity is then clear to use the service with PHI. These must be avoided unless a separate BAA is obtained from the provider/developer of that app. The BAA does not cover any third-party apps that are used in conjunction with G Suite. It should be noted that PHI can only be shared or used via a Google service that is specifically covered by the BAA. Prior to use of any Google service with PHI, it is essential for a covered entity to review, sign and accept the business associate agreement (BAA) with Google. The use of any software or cloud platform in conjunction with protected health information requires the vendor of the service to sign a HIPAA-compliant business associate agreement (BAA) prior to the service being used with any PHI. Google offers a BAA for Google Drive (including Docs, Sheets, Slides, and Forms) and other G Suite apps for paid users only. G Suite incorporates all of the necessary controls to make it a HIPAA-compliant service and can therefore be used by HIPAA-covered entities to share PHI (in accordance with HIPAA Rules), provided the account is configured correctly and standard security practices are applied. The service does not violate HIPAA Rules provided HIPAA Rules are followed by users. G Suite β formerly Google Apps, of which Google Drive is a part β does support HIPAA compliance. Even a software solution or cloud service that is billed as being HIPAA-compliant can easily be used in a manner that violates HIPAA Rules. HIPAA compliance is less about technology and more about how technology is used. The answer to the question, βIs Google Drive HIPAA compliant?β is yes and no. Google Drive is a useful tool for sharing documents, but can those documents contain PHI? Is Google Drive HIPAA compliant? Is Google Drive HIPAA Compliant?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |