If your organization stores, manages, or processes protected health information (PHI) using Google services, it’s critical that you have a Business Associate Agreement (BAA) with Google. A BAA is a legally binding contract that outlines the responsibilities and obligations of both parties with regard to the handling and protection of PHI. Google offers BAAs for its HIPAA-compliant products and services, including Google Workspace (formerly G Suite), Google Cloud Platform, and Google Meet.
Here’s how to review and accept the HIPAA Business Associate Amendment:
- Sign in to your Google Admin console using an account with super administrator privileges.
- In the Admin console, go to Menu > Account > Account settings > Legal and compliance.
- Go to the Security and Privacy Additional Terms section.
- Click Google Workspace/Cloud Identity HIPAA Business Associate Amendment to review the amendment.
- Click Review and Accept and answer all three questions to confirm that you are a HIPAA covered entity.
- To accept the HIPAA BAA, click OK.
Signing a BAA with Google is just the first step in ensuring HIPAA compliance. Your organization must also implement measures to protect PHI, such as limiting access to PHI, encrypting data in transit and at rest, and training staff on HIPAA compliance. Ongoing compliance monitoring is also critical, including regular risk assessments, audits of access logs, and monitoring of employee activity.
Google offers a HIPAA compliance guide that provides an overview of how Google Cloud can be used to support your organization’s HIPAA compliance efforts. This guide includes information on Google’s approach to HIPAA compliance, the HIPAA requirements that Google Cloud meets, and the steps organizations can take to implement HIPAA-compliant solutions using Google Cloud.
Total HIPAA specializes in HIPAA compliance services, helping businesses adhere to HIPAA guidelines and protect sensitive data. Our experts ensure your organization remains compliant with HIPAA regulations, meaning you can focus on your core operations while we handle documenting the policies and procedures that make up your HIPAA compliance plan. Trust Total HIPAA for comprehensive compliance solutions tailored to your needs. Book a clarity call today.