We've been seeing more vendors, customers, and prospects asking about HIPAA compliant services. Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Google Tasks in a HIPAA compliant manner.
SEE ALSO: Google & HIPAA Compliance: The Ultimate Guide
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector. Today we will determine if Google Tasks offers HIPAA compliant service or not.
Google Tasks
Google Tasks allows users to create a to-do list within Gmail or the Google Tasks app. When a task is added, it can be integrated into a user's Gmail calendar
See Also: How to Make Gmail HIPAA Compliant
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity. In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place. A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance. At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
Google and the Business Associate Agreement
We checked Google for mention of their ability to sign a Business Associate Agreement (BAA) for Google Tasks. We found a Google Workspace Administrator Help article called HIPAA Compliance with Google Workspace. In the article, Google points out: "Administrators must review and accept a BAA before using Google services with PHI. Google offers a BAA covering... Google Tasks."
Does Google Tasks offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate. Since Google Workspace offers a BAA that covers Google Tasks, we conclude that Google Tasks is a HIPAA compliant service, as long as you digitally sign a BAA with Google.
Conclusion: Google Tasks can be configured for HIPAA compliance.