Google Cloud Apps Admins

Productivity with Compliance: Using Google for Work in Healthcare

Written by Joey Allen (GCP Apps Admin) | September 28, 2015

Those working in the healthcare industry can now take advantage of Google for Work apps thanks to new compliance measures taken by Google to ensure proper handling of Protected Health Information (PHI). While HIPAA regulations may have left healthcare workers concerned about storing patient data on the cloud in the past, a compliance guide was released by Google in February of 2015 that details how Google Apps can be implemented so that HIPAA standards are maintained. 

Advantages of Google for Work Apps

The cost savings offered by Google Apps for Work are especially useful in the healthcare industry where overhead costs can be very high. Using Google Apps for Work offers companies one of the most cost effective options for handling company and client data and carrying out everyday office tasks. 

In addition to cost savings, Google Apps also offer the advantage of being a cloud-based. This means that the information a company's Google Apps contain can be accessed by end users whenever they're connected to the Internet. Working with cloud technology allows companies to avoid having to store information on their hard drive. This helps lower IT costs and optimizes office space by preventing the need for storing information on company servers.

Google Apps for Healthcare Companies

With the release of the HIPAA Compliance & Data Protection with Google Apps implementation guide, it is apparent that a major advantage of Google Apps is now protection of PHI. By signing the HIPAA Business Associate Agreement (BAA) devised by Google, healthcare companies gain access to the HIPAA Included Functionality offered by applications including Gmail, Google Drive, Google Calendar, and more. 

When a company decides to use Google Apps for Healthcare Companies, the HIPAA compliance implementation guide walks the company's IT administrators through the details of how Google Apps Core Services can be used in a way that's HIPAA compliant. Special features of HIPAA "Included Functionality" Core Services are describes that help end users adhere to standards regarding PHI protection.

For example, end users communicating via Gmail who are working with sensitive data to which HIPAA applies can control with whom attached files are shared. Link sharing settings changed to "Private" in Gmail ensure that the sender of an email message can limit who has access to emailed files. 

In order to remain compliant, Google Apps for Healthcare Companies is limited to Included Functionality services. Other applications offered by Google such as Hangouts, Contacts, and Picasa Web Albums have not been adjusted to accommodate HIPAA regulations, so they are not permitted to handle PHI.