HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). We know the HIPAA industry is vast and that it is important to properly collaborate on projects while remaining HIPAA compliant. This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.
RELATED: Why is healthcare a juicy target for cybercrime?
Today, we will determine if Google Tables is HIPAA compliant or not.
SEE ALSO: HIPAA compliant email
About Google Tables
Google Tables was beta released in 2020 as a real-time collaborative database program. Tables is not part of Google Drive or Google Workplace though it will join Google Cloud shortly.
RELATED: Google & HIPAA compliance: the ultimate guide
Tables can keep track of customers, vendors, sales, and employees. Multiple users can work in Tables at the same time, sharing, opening, and editing spreadsheets using similar permissions as Google Drive.
Google Tables and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI. In this instance, Google Tables is a business associate for a healthcare organization if it handles PHI within its spreadsheets.
RELATED: Is a name PHI?
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. Google will sign a BAA for some of its products, but Google Tables is not on the list, though there is a Google Cloud BAA available.
RELATED: Google Workspace with BAA vs Paubox
Google Tables and data protection
According to the Security & Certifications, Tables uses the standard Google infrastructure and data centers. It also encrypts data in transit and at rest. Furthermore, Google performs regular privacy and security reviews and follows its standard deletion practices for Tables. While Google Cloud can be configured for HIPAA compliance, the Google Tables security web page states, “Tables is not compliant with HIPAA or FERPA at this time.”
SEE ALSO: What is FERPA?
Because Google Tables is in beta format, further information is unavailable.
Is Google Tables HIPAA compliant?
The BAA is a key component of HIPAA compliance and as of today, Google Tables does not appear to be covered under a BAA, unlike other Google services. Moreover, the Google Tables website states that it is not currently HIPAA compliant. If a breach or HIPAA violation occurs and any PHI is visible, the covered entity is liable. RELATED: Your cybersecurity strategy is probably lacking
Conclusion Google Tables may be HIPAA compliant when it joins Google Cloud but is not HIPAA compliant at this time.
Paubox—collaboration through email
There is always one sure way to collaborate within the healthcare industry: Paubox Email Suite enables you to send HITRUST CSF certified, HIPAA compliant email.
RELATED: Why healthcare providers should use HIPAA compliant email
Paubox utilizes strong blanket TLS encryption as well as two-factor authentication to guarantee your communication remains safe and secure at all times. And the best part, our solution integrates with any email platform you may already use such as Google Workspace or Microsoft 365. No change in behavior for anyone while ensuring quick collaboration through HIPAA compliant email.