.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Hoala Greevy
Is Google's Bard HIPAA compliant?
Dean Levitt : May 16, 2023
When it comes to healthcare, privacy, and security are paramount. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard...
Last week we wrote about Google Workspace and how it compares to Paubox for its ability to provide HIPAA compliant email.
Our research concluded that while Google Workspace can be configured to be HIPAA compliant, it lacks functionality and even introduces a security vulnerability when it comes to actually sending HIPAA compliant email.
Read more: Comparing Google Workspace to Paubox for HIPAA compliant email (2023 update)
Up next, this post will answer the question: How do I actually go about getting a BAA signed with Google?
HIPAA and the BAA
As a recap, the Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information.
As we’ve previously discussed, HIPAA applies to covered entities, which includes healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.
Google BAA
Complete information on the Google business associate agreement can be found here. More specifically, the HIPAA Included Functionality page outlines each Google product that is considered in scope for the Google BAA.
In addition, another helpful resource is the Google Workspace and Cloud Identity | HIPAA Implementation Guide.
Signing a BAA with Google
Unlike the Microsoft BAA where extra steps are not required, Google does require customers to do a bit more extra work to enter into a BAA with them.
The steps to enter into a BAA with Google are outlined here.
In a nutshell, they are:
- Go to Menu
Account > Account settings > Legal and compliance. - Go to the Security and Privacy Additional Terms section.
- Click Google Workspace/Cloud Identity HIPAA Business Associate Amendment to review the amendment.
- Click Review and Accept and answer all three questions to confirm that you are a HIPAA covered entity.
- To accept the HIPAA BAA, click OK .
Can Google use my organization's business associate agreement?
No, Google will not use a customer's business associate agreement.
Conclusion
There are a few additional steps to take to obtain a business associate agreement with Google.
Be aware that:
- Google will not sign a customer's BAA
- The list of solutions that are in scope of the Google BAA are here
Is Google Sheets HIPAA compliant?
Hoala Greevy : November 15, 2017
We often get asked by customers and prospects about Google Sheets and their ability to use it in a HIPAA compliant manner. We know the HIPAA market...
Is Google Cloud Identity Management HIPAA compliant? (2025 update)
Farah Amod : April 11, 2020
Google Cloud Identity is an identity and access management (IAM) platform that provides tools for managing user accounts, authentication, and device...