Unfortunately, the company Ted was working with to set up Google Workspace didn't know much about HIPAA. They helped Ted sign a HIPAA BAA, but that's it. Too bad Ted didn't get our “17-Step Guide on Gmail and HIPAA Compliance” checklist.

Workspace and Cloud Identity customers are responsible for determining whether they are subject to HIPAA requirements and whether they use or intend to use Google services in conjunction with PHI. Customers who have not yet signed a BAA with Google are not allowed to use Google services in conjunction with PHI. HIPAA categorizes certain information about a person's health or health services as protected health information (PHI). Workspace and Cloud Identity customers who are subject to HIPAA and wish to use G Suite or Cloud Identity with PHI must sign a Business Associate Agreement (BAA) with Google.

Larry – thank you for your comments. I would agree with you on the free service. The reality is that many small organizations use Gmail, Hotmail, AOL and Yahoo! for free for e-mails. We wanted to clarify that, although Google will now sign a BAA, these organizations must migrate from free services to paid services to be compliant. We didn't want people to hear that Google is going to sign a BAA and think that the continued use of free Gmail would make them compliant.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that sets data protection and security requirements for organizations responsible for the protection of protected health information (PHI). These organizations meet the definition of “covered entities” or “business associates” under HIPAA. It should be noted, however, that users with a free gmail.com address are not part of Google Workspace.

The covered entity that enters into the BAA with Google Cloud is responsible for implementing a HIPAA-compliant solution with approved Google Cloud services. Once the solution is established, the covered entity is responsible for implementing compliance controls.

One of our top priorities is to ensure that our customers' data is safe, secure and always available. To demonstrate our compliance with industry security standards, Google has requested and obtained security certifications such as ISO 27001 and SOC 2 and SOC 3 Type II certifications.