Google’s signing of agreement for HIPAA compliance

For companies and workers in the healthcare industry, HIPAA is a very common term. HIPAA is the acronym for the 1996 Health Insurance Portability and Accountability Act. It is a set of regulations enacted into law to protect the privacy of personal health information. Every healthcare professional has to abide by this particular set of privacy regulations. The HIPAA Rules apply to covered entities and business associates. All kinds of communication to and from the health care provider, such as interacting with patients, transcribing medical records, scheduling appointments, patient referrals and authorizations for medical services, come under the purview of HIPAA. And now, Google has agreed to sign a BAA, or Business Associate Agreement, with covered entities, which helps with the overall task of HIPAA compliance in the healthcare industry. The HIPAA agreement requires that the covered entity sign up for a Google Apps for Business Administrator account. This is great news, as the matter has rightfully been a concern for quite some time.

How Google’s signing of the BAA affects HIPAA compliance

The details about HIPAA compliance with Google Apps may be read here; they affect three of the most heavily used Google Apps services: Gmail, Calendar and Google Drive. All the information and dates in a healthcare center are usually synchronized between these three. An Administrator who is trying to sign up will now first have to answer three pertinent questions. One question asks for confirmation that the entity is covered under HIPAA. Then there will be a query on whether the entity signing up will be using the applications in connection with Protected Health Information. The final question will be about whether the entity is eligible to request and agree to a BAA with Google for getting access to its applications in connection with Protected Health Information. Once these steps are fulfilled, the final step is to sign the BAA and then use Google Apps. For an organization that requires HIPAA-compliant services, signing the BAA will be very important. But you must also realize that signing a BAA is not automatic proof that the entire healthcare organization is HIPAA compliant. It is just a small part of the entire picture.

Know more about HIPAA compliance

In order to ensure compliance with HIPAA guidelines, you must understand what falls under those regulations. Only then will you be able to ensure complete online security in the organization. First of all, you must realize that the agreement only covers digital copies and communications of medical and health records. Hard paper copies do not come under its purview. The security rules are divided into three main categories: technical, administrative and physical compliance. Under technical, the areas covered include security of transmission, proper authentication of the person or entity, audit controls and access controls. Administrative rules look after the conduct of the workforce in general. The physical rules focus on the copy of the information itself. HIPAA is less about prohibiting communication and more about protecting it. With this compliance in place, sensitive health and medical information will reach the right people, and you can have control over its privacy. Knowing this will help you implement it better.