As a continuation of exploring Gmail and HIPAA Compliance, this blog post will focus on using Gmail in a HIPAA Compliant way.
To read the previous blog post on this, click here for “Is Gmail HIPAA Compliant?”
To reiterate the core ideas from previous posts: first, email is inherently insecure, so do not send PHI (Patient Health Information) through email.
Second, Gmail can be used in a HIPAA Compliant way, as mentioned in “Is Gmail HIPAA Compliant?”
Now, we’re going to talk in detail about how to be HIPAA Compliant with Gmail.
Google Services covered by BAA
At the time of this post, only a subset of the Google Core Services are covered by the G Suite BAA.
This means that only the apps in the first box are permitted to be used with PHI.
The following Core Services are not supported for PHI.
Signing the BAA
After signing up for Google’s G Suite, you’ll want to sign their BAA. The following steps show you how.
- Sign in to the Google Admin Console. Go to https://admin.google.com
- Click on Company Profile
- Click on Profile
- Scroll down to Security and Privacy Additional Terms
- Next, click Review and Accept
- Answer all three questions and click “Ok”
- Review the HIPAA Business Associate Agreement and click “I Accept”
How to send PHI through Gmail
- Right-click the file or folder you want to share to bring up the file menu
- Click on the Share menu item
- Click the Advanced link
- Ensure the sharing settings are set to “Specific people can access”
- Invite people by entering their email address and setting the correct permission for the file
Ask for Permission
As we mentioned in the post “Is Gmail HIPAA Compliant?”, you’ll want to ask your patients for permission to send HIPAA-sensitive information through email.
Don’t forget to get it in writing!
Do you use Gmail in your practice? Post a comment below!