Is Google Hangouts HIPAA Compliant?

Healthcare companies often ask about Google services and HIPAA compliance, and one product in particular that has caused some confusion is Google Hangouts. It is the modern incarnation of the Hangouts video chat system and has taken the place of Huddle. Google Hangouts is a cloud-based communication platform that includes four different features: VOIP, SMS, video chat, and instant messaging.

Google will sign a business associate agreement (BAA) for G Suite, which currently covers the following core Google services:

 

  • Hangouts Meet
  • Google Hangouts (Chat messaging)
  • Vault (if applicable)
  • Google Cloud Search
  • Jamboard
  • Sites
  • Keep
  • Apps Script
  • Google Drive (Includes Google Slides, Google Sheets, Google Docs, and Google Forms)
  • Calendar
  • Gmail

 

The BAA does not cover Google Contacts, Google Groups, or Google+, none of which can be used in connection with protected health information (PHI). Google also recommends that users stop using non-core services associated with G Suite, for instance Blogger, YouTube, and Google Photos.

Therefore, certain features of Google Hangouts are HIPAA compliant and can be used by HIPAA-covered entities without violating HIPAA Rules, provided that the covered entity has entered into a BAA with Google before using the services with PHI.

Nevertheless, even with a BAA in place, not all features of Google Hangouts are HIPAA compliant, so covered entities should exercise care. Video chat, for example, is not covered by the BAA and therefore cannot be used, and neither can the VOIP and SMS options.

To help make Google Hangouts HIPAA compliant, Google has issued a guide for healthcare organizations.

Google Hangouts HIPAA Compliance Relies on Users

If you decide to allow the use of Google Hangouts in your organization, it is important to address the permitted uses of Google Hangouts with respect to PHI through policies and procedures. Staff should be trained on the correct use of the platform and taught which features of Google Hangouts can be used and which are prohibited. If video chat is essential for your organization, you must look for a HIPAA-compliant alternative platform.

As we stated in an earlier post, simply obtaining a BAA from Google is not a guarantee of HIPAA compliance; that depends on how Google services are configured and how they are used. Visit this page for additional information on G Suite HIPAA compliance.

Do Not Forget to Apply Extra Protections for Mobile Devices

One area where HIPAA-covered entities could easily violate HIPAA Rules is the use of Google Hangouts on mobile devices. Google does have excellent security controls that can alert users to possible unauthorized access to their Google account. These must be configured to make sure improper access attempts are identified quickly. Controls must also be applied to mobile devices to make sure the devices are protected in the event of theft or loss.

Access controls must be applied on the device to prevent the device, and any ePHI stored on it, from being easily accessed. Policies and procedures must also be developed to make sure lost and stolen devices are reported promptly and action is taken to secure accounts. It is also advisable to apply controls that allow lost and stolen devices to be located, secured, and remotely wiped.