by Hoala Greevy Founder CEO of Paubox
Google Workspace with BAA vs Paubox
- The Google Workspace Business Associate Agreement (BAA) does not actually cover email sent and received in transit.
- Google Workspace needs an additional service like Paubox to be completely secure for HIPAA Compliant Email.
- Paubox can integrate with Google Workspace in under 30 minutes.
This week we received a useful inbound inquiry from a Health System in Columbia, Missouri.
In a nutshell, they inquired whether the Business Associate Agreement they have with Google and their Google Workspace implementation was sufficient for HIPAA compliant email.
Since we get this question a lot, we thought it would be great content for a blog post.
Health Insurance Portability and Accountability Act
As a recap, HIPAA stands for Health Insurance Portability and Accountability Act. You can learn more about it here.
Here’s the Powerful Question they sent
Here’s what they sent:
I already have paid Gmail (precisely [Google Workspace]) and Google signed a BAA with us. But I’m finding your product very attractive.
Is there anything Paubox brings beyond what I described above?
Thank you and have a great day!
We felt the answer to this would be helpful for others looking to learn more about Paubox and how it complements Google Workspace.
The objective of this post is to clarify how Paubox integrates and adds value to Google Workspace.
The Google Business Associate Agreement (BAA) for Google Workspace
As we’ve previously covered, the Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. HIPAA compliance requires a BAA by law to ensure security and privacy.
We checked Google’s site and found a Google Workspace Administrator Help article called HIPAA Compliance with Google Workspace.
In the article, Google points out:
“Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms), Google Hangouts (chat messaging feature only), Hangouts Meet, Google Keep, Google Cloud Search, Google Sites, Jamboard, and Google Vault services.”
However, it’s important to note that:
- You must sign a BAA with Google. It is not included by default.
- Google’s BAA does not cover email sent or received in transit.
How Paubox Adds Value to Google Workspace
Unlike Google Workspace, Paubox sends encrypted emails to any recipient, regardless of whether their email provider supports encryption.
This is because Paubox sends encrypted emails by default.
Every other email encryption provider requires email senders to be experts in identifying what qualifies as Protected Health Information and manually encrypt each individual email and attachment. However, this method leaves your organization vulnerable to HIPAA violations due to human error.
Humans aren’t perfect, and if people are overwhelmed with their workload already, it is unrealistic to expect them to encrypt specific emails every time. This often results in emails containing PHI being sent without encryption, which qualifies as a data breach and a HIPAA violation.
With Paubox, we offer an easier and more secure way to send encrypted emails. And the best part? Our integration with Google Workspace is so seamless, you won’t notice any change in your email behavior.
Paubox eliminates the need to press any extra buttons or write “secure” in the subject line when sending encrypted emails. Simply compose an email as you normally would, and Paubox takes care of the rest.
By encrypting everything you send out by default, Paubox can ensure HIPAA compliance for your organization while making the experience for your recipients to view and reply to one of your encrypted emails extremely user friendly.
What about Pretty Good Privacy (PGP)?
PGP, or Pretty Good Privacy, is a well-known cryptography tool for email. It’s nearly 20 years old, yet hardly anyone uses it. Why? Because the user experience with PGP is painful.
Putting the Customer Experience first is one of the core engineering principles behind Paubox.