Is Google Apps HIPAA Compliant? 

Edited 10/10/2013: Google now has a BAA that it will enter into with your company. You can apply at this link: https://support.google.com/a/answer/3407054?hl=en&ctx=go

No system is HIPAA certified, because there is no certification process today. HIPAA is more of a guideline on which policies and procedures an organization needs to document in order to be HIPAA compliant. Google Apps is a tool that, if used correctly, could be used to house HIPAA information as well as to transmit that information with Google Message Encryption.

There are a few different views on whether a cloud service provider can meet the HIPAA Security Standard in general. One view is that a larger organization can provide more security and protection for its assets, which would include its customers' assets as well. Such an organization has the ability to constantly monitor and assess threats, and to continually apply mitigations to its systems to keep the information safe. Smaller organizations would need to maintain the same monitoring and mitigation process as the larger ones, and also keep expertise on how these threats are impacting their assets and whether those assets have been compromised.

Overall, the number and severity of security threats, as well as the obscurity of those threats, continue to increase. Most small businesses do not have the resources to dedicate to this monitoring, so because of the amount that is unknown they shut down options for increased access that would be convenient for the client.

Google Apps is a set of tools that can be used for Private Health Information (PHI) when used correctly. The audit features of Google Apps products can provide access records, and the Google Apps Drive applications provide revision history. Combined with the Google Message Encryption add-on for transmitting data via email, the toolset offers great possibilities for helping organizations of any size become HIPAA compliant at a reasonable cost.

Here are some links to help with the discussion: 

Damon is a Pharmacy major in healthcare informatics and has also completed a matrix of Google's security policy against the HIPAA security standard, which is linked at the bottom of the discussion.

    How NC State uses Google Apps