Is Looker HIPAA compliant?


HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation that, among other things, sets national standards for the privacy and security of individually identifiable health information.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

HIPAA compliance has become more complicated as healthcare providers adopt digital tools to improve their operations, including analytics platforms that gather insights about patients and website visitors.

While these solutions may help boost patient engagement, they can also open a new pathway to potential HIPAA violations.

In addition to choosing a HIPAA compliant web host, it’s important for covered entities to go one step further and ensure that their analytics setup meets compliance obligations.

Let’s find out if Looker is HIPAA compliant or not.


About Looker

Looker is a business intelligence and big data analytics platform with a dashboard built for collaboration. It lets users explore, evaluate, and share insights from their data in real time.

With access to one unified source of reliable and up-to-date information, companies are able to receive the answers they need to streamline workflows, gain a better understanding of customer interactions, and provide smarter data-driven experiences.

Looker and business associate agreements

Any third-party vendor that creates, receives, stores, or transmits PHI on behalf of a covered entity is considered a business associate.

Before a covered entity may share PHI with such a vendor, both parties must sign a business associate agreement (BAA). This is a written contract that spells out the business associate's obligations to safeguard PHI and to report breaches. A BAA is a necessary condition for compliant use of the vendor, not a certification that the vendor is secure.

According to Looker’s website, the company “supports HIPAA compliance within the scope of a business associate agreement” and will sign a BAA for all “services and professional services under a Looker-hosted deployment.” This excludes third-party services, non-secure API integration tools, and features that are not generally available such as previews.

Looker affirms that customers are ultimately responsible for evaluating their own HIPAA compliance when using the services and “must manage access in a way that complies with the BAA.”

Looker and data security

Beyond the BAA, data security is another critical component of maintaining HIPAA compliance. Therefore, covered entities should evaluate the measures that a vendor is taking to protect PHI.

Looker offers a secure infrastructure with a variety of protective features, including a built-in permissioning layer that restricts real-time data access to authorized individuals. Looker also runs queries directly against the customer's own database rather than copying the underlying data into its platform, and it uses AES-256 encryption to protect stored credentials and data at rest.

Customers can take further steps to secure PHI with additional controls such as enabling two-factor authentication, limiting users’ ability to download reports, restricting permissions for creating public links, and reducing the amount of time that query results are cached.

However, it is up to the customer to make the necessary configurations. Looker explicitly states that the company “takes no responsibility for any breach that results from customers’ environment and configuration of the services, access permissions, and security controls.”

Is Looker HIPAA compliant?

Yes, Looker can support HIPAA compliance under a signed BAA. However, the BAA covers only Looker's side of the arrangement: covered entities must still configure access permissions and security settings appropriately to minimize risk and meet their own obligations.

Strengthen security with Paubox

While Looker may be designed to meet HIPAA requirements, email security is another important factor for healthcare providers to keep top-of-mind.

Built to seamlessly integrate with your existing email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages right in their inbox without having to navigate any additional passwords or portals.

Paubox Email Suite’s Plus and Premium plan levels also come with innovative inbound email security tools for more protection from potential threats. Our patent-pending Zero Trust Email feature uses email AI to confirm that an email is legitimate, while patented ExecProtect quickly catches display name spoofing attempts.


About the author

Sara Uzer

