Is Gmail HIPAA Compliant?
More and more health care providers are moving their email to the cloud for cost savings or better availability. That migration is already a pain on its own, and on top of it they must satisfy certain federal regulations. HIPAA, the Health Insurance Portability and Accountability Act, is one of the most commonly known of these regulations. Why is HIPAA so widely known? Let's look at its impact in three major parts: the Privacy Rule, the Security Rule, and the Breach Notification Rule.
The Privacy Rule is self-explanatory: it protects individually identifiable health information. The Security Rule sets standards for safeguarding PHI, or Protected Health Information. Lastly, the Breach Notification Rule, once again self-explanatory, defines how and within what time frame individuals must be contacted if their information has been breached.
How can an email service not be HIPAA compliant?
Email was designed to connect people. In other words, delivering the message is vastly more important than keeping the message secure. Email, even when sent "encrypted", may still be delivered in clear text somewhere along the path. This means the contents of the message can be read by anyone who handles it on the way, and that is not HIPAA compliant.
Keeping this in mind as a health care provider, how can we move our Gmail services to the cloud while protecting an individual's health information?
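One way to see the clear-text problem for yourself is to audit the Received headers that each relay stamps on a message: a hop recorded as "with ESMTP" was received over plain SMTP, while "with ESMTPS" indicates the relay negotiated TLS. The script below is an added example and not code from the original post; the message it parses is constructed for the demonstration, and the hostnames in it are placeholders.

```python
import email
import re

# Constructed sample message (not a real capture). It shows two hops: the
# sender's server reached mx.example.net over TLS (ESMTPS), but mx.example.net
# then handed the message to the clinic's server in clear text (ESMTP).
RAW_MESSAGE = """Received: from mx.example.net (mx.example.net [198.51.100.2])
        by mail.clinic.example (Postfix) with ESMTP id 0C1D3
        for <doctor@clinic.example>; Tue, 02 Jan 2024 10:03:12 +0000
Received: from sender.example.org (sender.example.org [192.0.2.10])
        by mx.example.net with ESMTPS id 7e8f9
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256);
        Tue, 02 Jan 2024 10:03:10 +0000
From: nurse@example.org
To: doctor@clinic.example
Subject: appointment
Message-ID: <123@example.org>

See attached.
"""

# "with" keywords (RFC 3848 via-keywords) whose trailing S means the hop
# was received over TLS. Note that ESMTPA means authenticated, not encrypted.
TLS_KEYWORDS = {"SMTPS", "ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def hop_used_tls(received_value):
    """Return True if a single Received header records a TLS-protected hop."""
    match = WITH_RE.search(received_value)
    if match is None:
        return False  # no "with" clause at all: treat as unknown, i.e. not proven TLS
    return match.group(1).upper() in TLS_KEYWORDS


def audit_hops(raw_message):
    """Parse every Received header and report each hop in chronological order.

    Relays prepend their Received header, so the topmost header is the last
    hop; the list is reversed to read from sender to recipient.
    """
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())  # unfold the header for easier matching
        by_match = BY_RE.search(value)
        with_match = WITH_RE.search(value)
        hops.append({
            "by": by_match.group(1) if by_match else "?",
            "with": with_match.group(1) if with_match else "?",
            "tls": hop_used_tls(value),
        })
    return hops


def cleartext_hops(raw_message):
    """Names of the relays that accepted the message without TLS."""
    return [hop["by"] for hop in audit_hops(raw_message) if not hop["tls"]]


if __name__ == "__main__":
    for hop in audit_hops(RAW_MESSAGE):
        status = "TLS" if hop["tls"] else "CLEAR TEXT"
        print(f"{hop['by']:<24} with {hop['with']:<10} {status}")
    print("clear-text hops:", cleartext_hops(RAW_MESSAGE))
```

Remember that each Received header is written by the relay itself, so the audit shows what the relays claim, not what a network observer could prove; a misconfigured or hostile relay can stamp whatever it likes. The check is still useful for spotting the common failure, a downstream relay that does not offer TLS at all, which is exactly how a message sent "encrypted" ends up arriving in the clear.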
For an email service to be HIPAA compliant it must be covered by a BAA, or Business Associate Agreement.
In regards to email, Google will not sign a BAA for its free Gmail service, only for its G Suite service. To put it plainly: for your email to be compliant through Gmail you MUST use G Suite, and only then is Google willing to sign a BAA.
G Suite also provides a variety of services to keep your email secure.
And that's it.
1. Enroll in G Suite.
2. Review and accept a HIPAA BAA.
Simple, right?
Are you worried about the status of your HIPAA compliance and security?
Sign-Up For A Free 30 Day Assessment HERE.