We've been seeing more vendors, customers, and prospects asking about HIPAA compliant services. Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Google Groups in a HIPAA compliant manner.
SEE ALSO: Google & HIPAA Compliance: The Ultimate Guide
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector. Today we will determine if Google Groups offers HIPAA compliant service or not.
Google Groups provides discussion groups for people sharing common interests. Google Groups also provides a gateway to Usenet newsgroups via a shared user interface. Google Groups launched 2001 following its acquisition of the Deja Usenet archive.
See Also: How to Make Gmail HIPAA Compliant
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity. In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place. A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance. At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
Google and the Business Associate Agreement
We checked Google for mention of their ability to sign a Business Associate Agreement (BAA) for Google Groups. We found a Google Workspace Administrator Help article called HIPAA Compliance with Google Workspace. In the article, Google points out: "Administrators must review and accept a BAA before using Google services with PHI. Google offers a BAA covering... Google Groups."
Does Google Groups offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate. Since Google Workspace offers a BAA that covers Google Groups, we conclude that Google Groups is a HIPAA compliant service, as long as you digitally sign a BAA with Google.
Conclusion: Google Groups can be configured for HIPAA compliance.