Is Google Hangouts Video HIPAA Compliant?
If you are a healthcare provider, there are many rules you have to follow. Sending and receiving protected health information (PHI for short) falls under HIPAA (the Health Insurance Portability and Accountability Act).
If you’re wondering whether Google Hangouts is HIPAA compliant, you’re in the right place. Keep reading for a detailed discussion, and learn which parts of Google Hangouts are HIPAA compliant. Later on, we will talk about other Google services and their HIPAA compliance.
Which Parts of Google Hangouts Are HIPAA Compliant?
Sadly, Google Hangouts video is not HIPAA compliant. Do not use video chat on this app if you want to remain HIPAA compliant. You also shouldn’t use its voice chat and SMS features, as these aren’t HIPAA compliant either.
The only compliant feature is Google Hangouts messaging, i.e., text chat. The basis for this compliance is the business associate agreement (BAA) signed by Google. The BAA covers many Google services, including Google Hangouts and Google Meet (previously known as Hangouts Meet).
The BAA doesn’t cover Google Groups and Google Contacts. If you are an entity covered by HIPAA, make sure to sign a BAA with Google, but beware. The BAA often doesn’t cover all of the service’s features, like video chat in the case of Google Hangouts.
If you need video conferencing, but want to stay HIPAA compliant, consider using Google Meet, which is fully covered.
Google Service and HIPAA Compliance
HIPAA is there to protect the sensitive health information of individuals or health care institutions. Google acknowledges the importance of PHI and does its best to keep the data of all its users safe.
That’s why they allow users who require HIPAA compliance to sign a BAA with them. Since Google Hangouts video doesn’t comply with HIPAA, the best alternative is subscribing to G Suite, which includes Google Meet, a HIPAA compliant service.
Users who do not sign the BAA with Google cannot use G Suite or other Google services in connection with PHI. The BAA with Google must be reviewed and approved by administrators first. You can get a BAA for Google Drive, Google Hangouts, Gmail, Google Calendar, Google Meet, Google Groups, and many other services.
The best place to get information about HIPAA integration with Google services is this official G Suite and Cloud Identity guide. Follow the link and read all the details carefully before making any decisions.
Word of Advice for Those Sticking with Google Hangouts
You can keep using Google Hangouts and remain HIPAA compliant, but you have to be very careful. Make sure that everyone in your organization is aware that video, SMS, and VoIP are not compliant.
If you can ensure that nobody is using these features, you’ll stay in the clear. The BAA with Google won’t do you any good if you break these rules. Raise awareness of this issue, and warn mobile users.
In case your employees are using Hangouts on Android or iOS devices, make sure that they have the proper setup. They need to enable unauthorized access notifications.
Users should also employ access controls to prevent any breaches. If someone gets their mobile device stolen, they need to report it immediately. In case PHI stored on the phone or tablet gets exposed, it can cause massive damage to your organization.
Hangouts and HIPAA
If you need video conferencing features, Google Hangouts might not be the right solution because of its partial HIPAA compliance. Consider using an alternative service, such as Google Meet. G Suite is convenient and worth the cost.
Zoom is also HIPAA compliant if you sign a BAA with them. The same advice remains: communication is crucial if you want to stay HIPAA compliant. What are your thoughts? Do you have a recommendation for another video conferencing service? Let us know in the comments section below.