Is Google Timetable HIPAA compliant? Can the calendar scheduling and time management service be used by healthcare companies, or would using the service be considered a breach of HIPAA Laws? This post examines whether Google supports HIPAA compliance for the Google Timetable service.
Google Timetable was introduced in 2006 and is part of Google’s G Suite of services and products. Google Timetable might be used for arranging schedules, which might require PHI to be added.
Uploading any PHI to the cloud is not allowed by the HIPAA Secrecy Law unless specific HIPAA requirements have first been met.
A risk analysis should be carried out to evaluate possible risks to the integrity, confidentiality, and availability of ePHI. Risks should be subject to a HIPAA-compliant risk management process and reduced to an acceptable level. Access controls should be applied to make sure that ePHI can only be seen by authorized people, appropriate security controls should be in place to prevent unauthorized disclosures, and an audit trail should be maintained.
Additionally, healthcare companies covered by HIPAA Laws are required to enter into a HIPAA-compliant business associate agreement (BAA) with any vendor before any ePHI is disclosed, even if the service provider states it doesn’t access client data.
Google has appropriate security controls in place to safeguard data uploaded to Google Timetable, and access and audit controls can be configured. Google Timetable HIPAA compliance therefore centers on whether Google is willing to enter into a BAA with HIPAA-covered entities or their BAs.
Google is willing to sign a BAA with healthcare companies for its paid services, but not for any of its free services. The BAA includes the use of G Suite and covers the Jamboard, Google Sites, Google Cloud Search, Google Keep, Hangouts Meet, the chat messaging feature of Google Hangouts, Google Drive, Google Calendar, and Google Vault services.
HIPAA-covered entities should enter into a BAA with Google before any of the above services are used with ePHI. Once a signed BAA has been received, the services can be used, although it is the responsibility of the covered entity to make sure that the services are used in a way compliant with HIPAA Laws. Google provides a HIPAA-compliant service; however, it is still possible for employees and organizations to violate HIPAA Laws using its services.
Is Google Timetable HIPAA Compliant?
So, is Google Timetable HIPAA compliant? Provided a BAA has been received, Google Timetable can be considered a HIPAA-compliant time management and timetable scheduling service.