Many healthcare companies and hospitals use Google Meet as their video communication service of choice.
HIPAA (Health Insurance Portability and Accountability Act of 1996) is a federal law that governs the privacy of medical records. This law ensures that companies or organizations do not share patients’ data without their consent. It also ensures that the information is kept confidential and private.
When managing patient data, you must ensure their information is secure and HIPAA compliant. This is what you need to know:
- As a Google enterprise cloud platform, Google Meet is HIPAA compliant. However, users must sign a Business Associate Agreement (BAA) first. We show you how to do so in this guide.
- Only the Google Workspace administrator can sign and receive a BAA.
- To sign the BAA, you must have a Google Workspace premium account.
- Google manages and discloses Protected Health Information (PHI).
- Google has one BAA that covers all its Google Workspace applications.
- Google has an extensive Google Workspace and Cloud Identity HIPAA Implementation Guide, which you should read.
Important: This article should not be considered legal advice. You should seek advice to ensure you comply with all HIPAA regulations.
How to sign the BAA to become HIPAA compliant
- Sign in to your Google Workspace Admin console.
- Click on the three horizontal bars to open the main menu. After that, click Account from the list, then select Account settings from the drop-down.
- From the new page, select Legal and compliance.
- Scroll down to “Security and Privacy Additional Terms” and click anywhere. Under “Google Workspace/Cloud Identity HIPAA Business Associate Amendment,” click Review and Accept.
- To confirm that you are a HIPAA-covered entity, Google will ask you three questions. Submit your responses, then click OK.
- From the new pop-up, review the amendment and click I Accept.
- Google will notify you that you have successfully signed the HIPAA BAA. After that, click Done.
What information does HIPAA protect?
While the list of PHI is extensive, the standard data includes:
- Patient identity
- Patient’s medical history
- Payment details
- Patient inquiries and claims
- Requests for referral authorization
Tl;dr
Is Google Meet HIPAA compliant? Yes and no. To become HIPAA compliant, you must first sign the BAA. Health organizations can demonstrate to patients and regulators that they are willing to meet privacy standards by signing a BAA and complying with HIPAA.