Share this newsletter on:
Is Google Hangouts HIPAA compliant? Can Google Hangouts be utilized by healthcare pros to transmit and obtain safe well being knowledge (PHI)?
Is Google Hangouts HIPAA Compliant?
Healthcare organizations regularly ask about Google services and products and HIPAA compliance, and one product particularly has led to some confusion is Google Hangouts. Google Hangouts is the newest incarnation of the Hangouts video chat gadget, and has taken where of Huddle (Google+ Messenger). Google Hangouts is a cloud-based verbal exchange platform that contains 4 other parts: Video chat, SMS, VOIP, and an speedy messaging provider.
Google will signal a industry affiliate settlement for G Suite, which these days covers the next Google core services and products
- Google Drive (Includes Google Docs, Google Sheets, Google Slides, and Google Forms)
- Apps Script
- Google Cloud Search
- Vault (If appropriate)
- Google Hangouts (Chat messaging)
- Hangouts Meet
The Business Associate Agreement does now not duvet Google Groups, Google Contacts, and Google+, none of which can be utilized together with safe well being knowledge. Google additionally advises customers to disable using non-core services and products relating to G suite – for instance YouTube, Blogger and Google Photos.
So, positive parts of Google Hangouts are HIPAA compliant and can be utilized by way of HIPAA coated entities with out violating HIPAA Rules, only if previous to using the services and products with PHI, the coated entity has entered right into a industry affiliate settlement with Google.
However, even with a BAA in position, now not all parts of Google Hangouts are HIPAA compliant, so coated entities will have to workout warning. Video chat for example, isn’t coated by way of the BAA so can’t be used, and neither the SMS and VOIP choices.
To help in making Google Hangouts HIPAA compliant, Google has launched a information for healthcare organizations.
Google Hangouts HIPAA Compliance Depends on Users
If you make a decision to permit using Google Hangouts on your group, it necessary to deal with the allowable makes use of of Google Hangouts with appreciate to PHI via insurance policies and procedures. Staff will have to be educated on the right kind use of the platform, and urged which parts of Google Hangouts can be utilized and that are prohibited. If video chat is necessary to your group, you will have to search a HIPAA-compliant choice platform.
As we have now discussed in a prior put up, merely acquiring a BAA from Google is not any ensure of HIPAA compliance – that depends on how Google services and products are configured and the way they’re used – See this web page for additional knowledge of G Suite HIPAA Compliance.
Don’t Forget to Implement Additional Safeguards for Mobile Devices
One space the place HIPAA-covered entities may just simply violate HIPAA Rules is using Google Hangouts on cell gadgets. Google does have very good safety controls that may alert customers to attainable unauthorized get entry to in their Google account. These will have to be configured to verify beside the point get entry to makes an attempt are recognized abruptly. Controls will have to even be carried out on cell gadgets to be sure that the gadgets are safe in case of loss or robbery.
Access controls at the software will have to be carried out to forestall the software, and any ePHI saved on it, from being simply accessed. Policies and procedures will have to even be evolved to verify misplaced and stolen gadgets are reported promptly, and movements taken to safe accounts. It could also be beneficial to put in force controls that permit misplaced and stolen gadgets to be positioned, locked, and remotely wiped.
Is Google Hangouts HIPAA Compliant?