Is Google Meet HIPAA Compliant? Yes, But Only If You Meet The Requirements


Google Meet can be HIPAA compliant, provided certain conditions are met.

Providers need to sign a Business Associate Agreement (BAA) with Google, ensure that all protected health information (PHI) is digitally secure and private, and configure administrative settings on Google Meet for compliance.


Introduction to HIPAA Compliance and Google Meet

Google Meet, a popular video communication tool, is frequently used in healthcare for telehealth services and remote consultations. This blog post examines whether Google Meet adheres to the Health Insurance Portability and Accountability Act (HIPAA) standards and how healthcare professionals can ensure compliance.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA), established in 1996, is a federal law that sets standards for protecting sensitive patient health information. It applies to a wide range of healthcare entities and emphasizes the importance of safeguarding Protected Health Information (PHI).

Google Meet and HIPAA Compliance

Google Meet can be HIPAA compliant, provided certain conditions are met. The cornerstone of this compliance is a Business Associate Agreement (BAA) with Google. This agreement is crucial for healthcare providers using Google Meet to handle PHI. Notably, only the paid version of Google Meet, part of Google Workspace, is suitable for HIPAA-compliant use.

The Role of Business Associate Agreement (BAA)

A BAA is a legal document that specifies the responsibilities of a business associate in managing PHI. For Google Workspace, which includes Google Meet, a single BAA covers all applications. Signing this agreement is a critical step towards achieving HIPAA compliance.

Steps to Ensure Google Meet is HIPAA Compliant

  1. Sign the BAA with Google: Healthcare providers must have a Business Google Workspace or Cloud Identity account and sign Google’s BAA before using Google Meet for PHI.
  2. Configure Google Meet for Compliance: Signing the BAA alone does not make Google Meet HIPAA compliant. Administrators must configure the service correctly to support compliance.
  3. Training and Policies: It’s essential to develop policies for using Google Meet in compliance with HIPAA and to train the workforce on these policies.
  4. Limitations of the Free Version: The free version of Google Meet is not suitable for HIPAA-covered entities due to the lack of necessary safeguards and the absence of a BAA with Google.

Conclusion

Google Meet, when used under the paid Google Workspace version and with a signed BAA, can be a HIPAA-compliant tool for telehealth services. Healthcare providers must understand and follow the necessary steps to ensure compliance.
