We've been seeing more vendors, customers, and prospects asking about HIPAA compliant services. Since Paubox is a business associate to thousands of customers, we’ve been wondering if they are able to use Google Hangouts Meet in a HIPAA compliant manner.
Update: With the expiration of COVID-19 related HIPAA Enforcement Discretion measures on May 11, 2023, and the subsequent 90-calendar day transition period ending on August 9, 2023, using non-compliant apps for healthcare may expose providers to penalties and privacy risks. It is crucial to evaluate current technology and procedures and transition to HIPAA compliant solutions during this period to ensure patient privacy, data security, and compliance with federal regulations.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector. Today we will determine if Google Hangouts Meet offers HIPAA compliant service or not.
Google Hangouts Meet
Google Hangouts Meet, or simply Meet, is Google's enterprise video conferencing software. Meet is similar to the free, consumer version of Hangouts, with a few additional features like real-time captions and support for up to 250 participants and 100,000 live stream viewers.
See Also: How to Make Gmail HIPAA Compliant
What is a business associate?
A business associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a covered entity. In a nutshell, the role of a business associate is to help covered entities comply with the HIPAA Privacy Rule
Read full article: What Does it Mean to be a Business Associate?
Business associate agreement provisions
If a business associate provides services to a covered entity, then a business associate agreement (BAA) must be in place. A BAA is a written contract between a covered entity and a business associate and is required by law for HIPAA compliance. At a minimum, a business associate agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
Google and the business associate agreement
We checked Google for mention of its ability to sign a BAA for Google Hangouts Meet. We found a Google Workspace administrator help article called HIPAA Compliance with Google Workspace. In the article, Google points out: "Administrators must review and accept a BAA before using Google services with PHI. Google offers a BAA covering... Hangouts Meet."
Does Google Hangouts Meet offer HIPAA Compliant Service?
The BAA is a key component to HIPAA compliance between a covered entity and a business associate. Since Google Workspace offers a BAA that covers Google Hangouts Meet, we conclude that Google Hangouts Meet is a HIPAA compliant service, as long as you digitally sign a BAA with Google.
Conclusion: Google Hangouts Meet can be configured for HIPAA compliance.