If there are any medical providers or business associates out there who are using Google Apps or Gmail as a vendor, I would recommend the following:
- Either conduct a Risk Assessment, or contact us to do so.
- Stop using Gmail and Google Apps immediately.
Here’s our reasoning for offering that advice –
Google is fundamentally an advertising company. Over 90% of their revenue comes from selling online advertisements. The more information they have, the more targeted, and ‘better’, their advertising is. They collect information about their users – their privacy practices say as much – from one service, like Google Apps, and use it across all services.
That means that information you input into email or an application can be used by Google in any other application. It also means that you, as a business entity, have no control over how your data is being used.
But an even more succinct issue – Google refuses to sign a Business Associate Agreement. You’d be violating HIPAA by sending them your patients’ information without getting a Business Associate Agreement. Hence, our apprehension about any medical provider using. And with the new HIPAA Omnibus Rule, all Business Associates need to be just as compliant as medical providers.
There are other options for you, if you would still prefer to have your data hosted in the cloud. We usually recommend Office 365 to our clients. However, any solution you move to must be highly secure, and its vendor must be willing to sign a Business Associate Agreement.
If you’re concerned about your current vendors or network set-up, please contact us. We can reconfigure
Are you a Business Associate who’s newly subject to HIPAA? Confused? We can help.