Google Cloud Gets On Board With HIPAA Compliance


Google announces that it will start signing HIPAA-mandated business associate agreements for customers that use its cloud-based developer platform to host healthcare applications. The news is long overdue, as Google was the last of the major cloud hosting vendors to agree to the new regulations since the HIPAA Final Omnibus Rule put them into effect in 2013.

Prior to the HIPAA Omnibus Rule, the only companies that had to comply with HIPAA were “covered entities,” which consisted of healthcare providers, health care clearinghouses, and health plans. All other organizations were exempt, even if they collected medical information, transmitted it, or stored it. This meant that health IT consulting companies, EHR vendors, and cloud hosting vendors like Google and Amazon were not held accountable for protecting patient information.

That changed in 2013 when legislators extended HIPAA accountability to include all of the secondary vendors that support healthcare operations and come into regular contact with protected health information. The new law required that these vendors sign a business associate agreement promising to appropriately safeguard health information.

For healthcare startups, this created a problem. While they themselves could sign a BAA with their potential customers, they would not be able to store any protected health information in the cloud without getting an additional BAA from the cloud hosting vendor. Initially, there were none to be found. Microsoft was first to begin signing BAAs, followed shortly thereafter by Amazon.

Google was not quick to follow. In September of 2013, Google began signing BAAs for enterprise users of its core apps, like Gmail, Google Drive, and Google Calendar. However, despite growing pressure from exposed healthcare startups, the search giant held back until just this week, far longer than Microsoft and Amazon, before finally agreeing to sign BAAs for healthcare companies storing personal health information on its Google Cloud Platform.

Cloud-hosted applications offer a number of strategic benefits to healthcare IT startups. Upfront costs are significantly lower than those of building and marketing a self-hosted application. Many cloud vendors also offer completely free hosting until traffic hits a certain threshold, allowing developers to build and test without draining precious seed funding.

For enterprise health IT consumers, hardware and system maintenance costs can be much lower with cloud-based products. Unplanned downtime occurs less frequently as well, with Google, Amazon, and Microsoft all guaranteeing 99.9 percent uptime. Cloud-based applications also have the potential to reduce data breaches because the seemingly never-ending stream of unencrypted laptops stolen out of hospital employees’ cars would no longer have PHI stored on them.

With Google now on board, a full ecosystem of HIPAA-compliant cloud hosting vendors exists for healthcare organizations to partner with.

