Google Calendar HIPAA Compliant: Security Features
When determining if Google Calendar is HIPAA compliant, the first step is to conduct a risk analysis. A risk analysis identifies any potential risks that arise when using Google Calendar in conjunction with electronic protected health information (ePHI). If there are risks identified by conducting a risk analysis, before using Google Calendar with PHI, risks must be addressed with remediation efforts.
It is also essential to implement audit and access controls within the platform before using Google Calendar for scheduling patient appointments.
◈ Access controls. As part of HIPAA requirements, access to PHI must be limited to only those that need access to perform a specific job function. As such, access controls must be implemented to ensure adherence to this standard. Access controls designate different levels of access to PHI to employees based on their job function. Google Calendar enables access controls; however, the feature must be activated.
◈ Audit logs. To ensure that access to PHI is in accordance with HIPAA standards, it is important to track access to PHI with audit logs. Audit logs keep a detailed account of who accesses PHI, what information they access, and how long they accessed it for.