News Feature | February 18, 2014

Google To Make Cloud HIPAA Compliant

Source: Health IT Outcomes
By Christine Kern, contributing writer

HIPAA-Covered Entities To Receive Google Cloud Platform Support

Last year Google entered into agreements enabling its Google Apps customers to support HIPAA-regulated data, and it is now announcing that its cloud platform will support Business Associate Agreements (BAAs) as well. In a Feb. 5 blog post, Google Cloud Platform Product Manager Matthew O'Connor discussed the challenges of HIPAA compliance for developers building healthcare-related applications.

O’Connor wrote, “Not only do you need the right code and a reliable user experience, sometimes it feels like you need to be a lawyer, too.” When dealing with sensitive patient information, healthcare-related applications must comply with the Health Insurance Portability and Accountability Act (HIPAA) regulations. “When building in the cloud, it can be challenging to ensure that you're complying with [HIPAA] regulations.”

FierceHealthIT reports that Boston-based health attorney and HealthBlawg author David Harlow, who also serves as a FierceHealthIT Editorial Advisory Board member, had predicted the move by Google. Answering follow-up questions from attendees at FierceHealthcare's January webinar, “Three Things You Must Know about the New HIPAA Rules,” Harlow was asked about HIPAA-compliant online file-sharing sites. He replied that the Omnibus Rule "brought Google and Amazon to the table … because they had not developed their own ‘agreements.’ If they had not developed their own BAAs, the Omnibus Rule would have imposed its own set of standard BAA provisions."

This week, in an email to FierceHealthIT, Harlow reiterated that the move was an important one for Google. "I think this is encouraging," Harlow said. "If Google and Amazon are both able to support HIPAA compliant development of applications, that's a good thing."

The Google Blog post touted their other recent efforts at HIPAA compliance, stating, “To serve developers who want to build these applications on Google's infrastructure, we're announcing support for Business Associates Agreements (BAAs) for our customers. A BAA is the contract between a Covered Entity (you, the developer) and their Business Associate (Google) covering the handling of HIPAA-protected information.”

Google’s other compliance efforts across Cloud Platform and Google Enterprise include:

  • ISO 27001: This is one of the most widely recognized, internationally accepted independent security standards. After earning ISO 27001 for Google Apps in 2012, Google renewed its certification again last year for Google Apps and received the certification for Google Cloud Platform.
  • SOC2, SSAE 16 & ISAE 3402: Companies use the SOC2, SSAE 16 Type II audit, and its international counterpart ISAE 3402 Type II audit, to document and verify the data protections in place for their services. These audits have been completed for Google Apps every year since 2008 (when the audits were known by their previous incarnation, SAS 70) and were completed again last year for Google Apps and Google Cloud Platform.
  • HIPAA: Late last year, Google started entering into BAAs to allow Google Apps customers to support HIPAA-regulated data. This year it has begun entering into BAAs with Google Cloud Platform customers.

Google hopes that these efforts at compliance will engage and attract customers to their services.
