Is Google Voice HIPAA Compliant: Security Features
One of the most important aspects of HIPAA compliance is ensuring the confidentiality, integrity, and availability of protected health information (PHI). This is accomplished through the implementation of HIPAA safeguards. Therefore when determining Google Voice HIPAA compliance, it is important to note their security features that safeguard PHI.
Google enables the following:
◈ Access controls. Allows administrators to designate different access levels to information based on an employee’s job function.
◈ Audit controls. Tracks access to information to ensure that protected health information is accessed in accordance with the HIPAA Privacy Rule minimum necessary standard.
◈ User authentication. Utilizes unique login credentials to ensure that users are who they appear to be.
◈ Encryption. Masks sensitive data so that it can only be accessed by authorized users.
However, no software can be considered fully HIPAA compliant, as software HIPAA compliance comes down to how an end user utilizes the software. As such, before implementing a new software in your organization, you must ensure that the above mentioned security features are enabled. In addition, employee’s must be trained in the proper use of the software to ensure use and disclosure of PHI within the platform is in accordance with HIPAA standards.
Is Google Voice HIPAA Compliant: Business Associate Agreements
Under HIPAA, software providers are considered business associates when creating, receiving, transmitting, storing, or maintaining PHI on behalf of their covered entity clients. HIPAA requires healthcare organizations to sign business associate agreements (BAAs) with their business associates before it is permitted to share PHI with them.
So when determining Google Voice HIPAA compliance, you must consider whether or not they are willing to sign a BAA. Google will sign a BAA with their Google Voice for G Suite customers, but will not for the free version of Google Voice.