OPERATIONS ONLY - Google Account Information

Created by Lynn Shoop, Modified on Wed, Mar 4 at 2:29 PM by Lynn Shoop

BAA Signed by Alex Durfee 5/9/19

Google's Security Certifications and third-party audits:
Summary
ISO 27001 certificate
SOC 3 report


Should be reviewed:
1. Local Privacy Rep?
2. Data Protection Officer?
3. Cloud Data Processing Addendum (CDPA): should this be accepted? It is currently not accepted.
 


HIPAA Retention Requirements
Does the HIPAA Privacy Rule require covered entities to keep patients' medical records for any period of time?
No, the HIPAA Privacy Rule does not include medical record retention requirements. Rather, State laws generally govern how long medical records are to be retained. However, the HIPAA Privacy Rule does require that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of medical records and other protected health information (PHI) for whatever period such information is maintained by a covered entity, including through disposal. See 45 CFR 164.530(c).


What Are Covered Entities Under HIPAA?
Healthcare Providers
Health Plans
Healthcare Clearinghouses

What is a Business Associate?
Business associates of HIPAA covered entities include third-party administrators, billing companies, transcriptionists, cloud service providers, data storage firms – electronic and physical records, EHR providers, consultants, attorneys, CPA firms, pharmacy benefits managers, claims processors, collections agencies, and medical device manufacturers.

Does a covered entity have to sign a Business Associate Agreement to use Gmail?
A covered entity cannot sign a Business Associate Agreement to use the free version of Gmail because Google will not enter into a Business Associate Agreement for free services. If PHI is disclosed in an email sent from a personal Gmail account (not to a Gmail account), it is a violation of HIPAA. Covered entities should only use Gmail as their email provider if the email service is included in a Workspace or Cloud Identity account covered by a Business Associate Addendum to Google’s Service Agreement.
