by Sara Uzer
Is Looker HIPAA compliant?
HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
HIPAA compliance has become increasingly complicated as more healthcare providers embrace the use of digital tools to improve their operations. This includes leveraging analytics platforms to gather valuable insights about website visitors.
While these solutions may help boost patient engagement, they can also open a new pathway to potential HIPAA violations.
In addition to choosing a HIPAA compliant web host, it’s important for covered entities to go one step further and ensure that their analytics setup meets compliance obligations.
Let’s find out if Looker is HIPAA compliant or not.
Equipped with a user-friendly dashboard that promotes seamless collaboration, Looker is a business intelligence and big data analytics platform that allows users to explore, evaluate, and share advanced insights in real time.
With access to one unified source of reliable and up-to-date information, companies are able to receive the answers they need to streamline workflows, gain a better understanding of customer interactions, and provide smarter data-driven experiences.
Looker and business associate agreements
Any third-party vendor that stores, accesses, or sends protected health information (PHI) is considered a business associate.
In order for a third-party vendor to be considered HIPAA compliant, a business associate agreement (BAA) must be signed by both parties. This is a written document that outlines the responsibilities of the business associate to keep PHI secure.
According to Looker’s website, the company “supports HIPAA compliance within the scope of a business associate agreement” and will sign a BAA for all “services and professional services under a Looker-hosted deployment.” This excludes third-party services, non-secure API integration tools, and features that are not generally available such as previews.
Looker affirms that customers are ultimately responsible for evaluating their own HIPAA compliance when using the services and “must manage access in a way that complies with the BAA.”
Looker and data security
Beyond the BAA, data security is another critical component of maintaining HIPAA compliance. Therefore, covered entities should evaluate the measures that a vendor is taking to protect PHI.
Looker offers a secure infrastructure with a variety of protective features, including a robust built-in permissioning layer to ensure that real-time data access is only available to authorized individuals. The company also makes queries directly against customer databases to protect sensitive information and uses AES 256-bit encryption to secure credentials and data at rest.
Customers can take further steps to secure PHI with additional controls such as enabling two-factor authentication, limiting users’ ability to download reports, restricting permissions for creating public links, and reducing the amount of time that query results are cached.
However, it is up to the customer to make the necessary configurations. Looker explicitly states that the company “takes no responsibility for any breach that results from customers’ environment and configuration of the services, access permissions, and security controls.”
Is Looker HIPAA compliant?
Yes, Looker can be made HIPAA compliant with a signed BAA. However, covered entities must ensure that all settings are appropriately configured to minimize risks and maintain the necessary security standards.
Strengthen security with Paubox
While Looker may be designed to meet HIPAA requirements, email security is another important factor for healthcare providers to keep top-of-mind.
Built to seamlessly integrate with your existing email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages right in their inbox without having to navigate any additional passwords or portals.
Paubox Email Suite’s Plus and Premium plan levels also come with innovative inbound email security tools for more protection from potential threats. Our patent-pending Zero Trust Email feature uses email AI to confirm that an email is legitimate, while patented ExecProtect quickly catches display name spoofing attempts.