Google Meet is an innovative VoIP and videoconferencing program that healthcare providers can use to deliver telehealth services, remote consultation services, and virtual patient sessions. However, is Google Meet compliant with HIPAA?
Google Meet is quickly turning into the trusted videoconferencing service for companies in all industrial sectors because other productivity tools are easily integrated in the Google Workspace Suite. Nonetheless, when healthcare providers use the service to send Protected Health Information (PHI), there must be some measures in place to ensure Google Meet HIPAA compliance.
To begin with, before using Google Meet to gather, share, or send Protected Health Information, a healthcare company needs to register to a Business Google Workspace or Cloud Identity account and agree to the Business Associate Addendum of Google. The Addendum gives details concerning which of Google´s services are HIPAA compliant and what are the responsibilities of customers.
Having signed the Business Associate Addendum (BAA) does not make Google Meet HIPAA compliant. To support compliance, system administrators still ought to set up the service. For instance, Meet must be made the default videoconferencing service of the company so that workstations won’t prompt calls using Hangouts, which does not comply with HIPAA when utilized in video mode.
It may additionally be required to keep private all Google Meet invites so as to hide any PHI noted in the invites (for example, patients´ names) and to limit access to Meet video recordings, which are stored in Google Drive automatically. It will definitely be required to create guidelines on the right way to use Google Meet to comply with HIPAA and teach employees about the policies.
To ensure that healthcare companies and their Business Associates comply with HIPAA when they use Google Meet, Google lately upgraded its Workspace and Cloud Identity Implementation Manual. The Manual gives advice on the right way to use Google Meet in compliance with HIPAA, along with all the tools available in the Workspace and Cloud identity services included in the Business Associate Addendum.
The Importance of HIPAA Compliance in Telehealth
It is said that healthcare experts frequently mistakenly think that talking about ePHI through any communication channel complies with HIPAA if the communication is directly from a healthcare specialist to a patient. This isn’t correct, and there are a lot of examples of unencrypted messages that are intercepted or viewed impermissibly.
Therefore, it is essential that Covered Entities and Business Associates use a safe and HIPAA-compliant tool like Google Meet when offering telehealth solutions. Nevertheless, it is similarly vital that the solution is set up in compliance with the Technical Safeguards of the Security Rule, that exclusively authorized end users can have access to, and that method of checking Google Meet communications is put in place to avoid unintentional or malicious compromise of ePHI.