Google G Suite apps are commonly used by many behavioral health professionals to run their business–but when it comes to signing a proper Google BAA, there are some major misunderstandings in the market.
BAA stands for Business Associate Agreement. BAAs are contracts that are federally required by HIPAA regulation. Before any protected health information (PHI) is transmitted between two organizations, a BAA must be executed. PHI is considered any demographic information that can be used to identify a patient. This includes names, addresses, dates of birth, full facial photos, social security numbers, financial information, insurance ID numbers, and health records, to name a few.
G Suite Services is a common name for Google apps used by business owners, which includes Gmail, Google Drive, and Google Calendar. Behavioral health professionals using these services to in any way handle, store, or encounter PHI must execute a BAA with Google.
Signing a Google BAA
Because of the scope of information that can be stored in G Suite apps, it’s essential that you execute a Google BAA. Like many other cloud service providers, Google will sign a BAA if certain requirements are met.
G Suite Services allows Business users to request BAAs for their organizations. Google Apps for Business is a paid version of regular Google services. The free version is commonly used for personal emails. If your organization pays Google to use its Google Apps for Business services, your system administrator can request a BAA.
Once you sign your Google BAA, your organization will need to ensure that your G Suite services are properly configured to handle PHI. Security and privacy settings must be calibrated in order to comply with HIPAA regulation.
For more information on exactly how to make your G Suite Services and Gmail HIPAA compliant, click to read this HIPAA educational whitepaper!
Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.
Compliancy Group’s team of expert Compliance Coaches® field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including fully automated documentation of policies, procedures, employee training, and remediation plans.
With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure.
Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors are their opinion and are not intended to malign any organization, company or individuals.