Baa allows covered companies and business partners to enter into an agreement with Google that governs the processing of PHI via Google Cloud. The UNIT covered by the BAA with Google Cloud is responsible for creating a HIPAA-compliant solution using approved Google Cloud services. Once the solution is established, the covered entity is responsible for implementing compliance controls. . Google Apps for Business starts at $5/month per user or $50/year per user. Due to the COVID-19 response, we`ve heard of practices of all sizes that need telemedicine options. Fortunately, Google Workspace contains Google Meet, which can be used for HIPAA-compliant telemedicine/teleconferencing. However, the settings must be configured accordingly. The Google Workspace Learning Center offers great tutorials and explanations on how to use Google Meet, even if you need to switch from Zoom, WebEx, or Skype. Information about a person`s health or health care is classified as Protected Health Information (PHI).

Workspace and cloud identity customers who are subject to HIPAA and want to use G Suite or Cloud Identity with PHI must sign an Enterprise Agreement (AA) with Google. Most users have the bad habit of using a short password that they already know. This is a terrible idea for systems that manage ePHI like Google Workspace. Google is ready to sign a BAA, but only for users of their paid Google Apps services. The BAA is not available in Google`s free services (Gmail, Google Calendar, Google Drive, etc.). . For this task, you must be logged in as a superadministrator. Administrators can enjoy full transparency and control over cloud resources by allowing who can take action for certain resources. . Administrators must verify and accept a BAA before they can use Google services with PHI. Learn in HIPAA Included Functionality which Google Workspace products can be used for HIPAA compliance.

For more information, see HIPAA features for Google Workspace BAA. Ted made the right call. When we checked Google Workspace, we found a number of settings that weren`t configured correctly. Your email address will not be published. Required fields are marked * Google`s BAA only covers certain Google Apps services, including Gmail, Google Calendar, and Google Drive. Other services such as Google Docs, Google Groups, Google+ and Google Sites are not covered by the BAA and must be disabled. In particular, HHS recommends two-factor authentication for systems containing ePHI (such as your Google Workspace). If we contact you to participate in a program, you will receive a supplement to the test application that you can verify and sign. The addendum describes the specific product or function in the alpha or beta program and any additional conditions….