Gmail Business Associate Agreement

Google does not sign business associate agreements with free Gmail users. To be HIPAA compliant, you must use Google's G Suite (formerly Google Apps) email service, which requires a paid subscription. This paid email service is intended for use with a domain owned by the company, @hipaajournal.com for example. Google offers a BAA for G Suite, but its BAA doesn't cover the free @gmail.com email service. To be HIPAA compliant, Gmail must sign a business associate agreement (BAA) with all healthcare providers it works with. Google, like other large companies, has created its own process for signing these agreements. That's why G Suite is so important for businesses that use Gmail and are covered by HIPAA. If you use Google for your healthcare business, you need to make sure that you sign a valid Google BAA. A BAA, or business associate agreement, is a contract mandated by HIPAA that must be executed between two parties whenever health data is exchanged. Log in to a super administrator account (one that does not end in @gmail.com).

Since email is the most common way to quickly exchange information between colleagues or organizations, many people have assumed that it is a safe way to share PHI. Sending PHI via a regular email platform, however, is not a protected way to transmit this type of information.

Sending protected health information via email without adequate encryption and software can easily lead to a PHI violation, which results in high costs for the business at fault. Fortunately, healthcare providers can send PHI via email in accordance with HIPAA, as long as business associate agreements are signed and encryption software is used by third parties. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes data protection and security requirements for organizations responsible for protecting individuals' protected health information (PHI). These organizations meet the definition of "covered entities" or "business associates" under HIPAA.

Gmail, meanwhile, is a free service that uses @gmail.com addresses. The important difference is that Google Workspace must be used with a domain name that you own. Another important difference: Google Workspace is a paid service, while Gmail is free. In short, Google Workspace is for business use, Gmail is for personal use. Google has implemented excellent security, and its email service meets the requirements of the HIPAA Security Rule.

Google is willing to enter into business associate agreements with HIPAA-covered entities covering its email service, so if a BAA is obtained, that HIPAA compliance box is also checked. Encryption for emails can be enforced, so Google offers an email service that can be made HIPAA compliant. Although you can make Gmail HIPAA compliant, it is not compliant by default. Gmail is a completely free platform, but G Suite is the paid version of Gmail, which makes it easier to ensure that the platform is HIPAA compliant.

G Suite is a selection of the most popular Google apps for business. It includes Gmail, but also Google Drive, Google Calendar and Google Hangouts, tailored for businesses. By purchasing the app suite, you gain access to certain security measures. The suite includes certain data protection benefits, such as the option to require two-factor authentication for employees or to restrict employees' mobile use of email. These measures can ensure greater security, but should be applied to all employees' Gmail accounts to be truly beneficial….

