Wiki Gmail and PHI?

[NM36]

Hello,

Our answering services sends us messages via an office gmail account. These messages always show the "TLS" encryption method in the header, but I'm wondering if this is sufficient for HIPAA compliance? We don't have a BAA with gmail, it's just the free version.

The answering service claims this is secure and HIPAA compliant, but I have a bad feeling about it. Why would anyone bother with extra encryption services if this was the case?

Any thoughts/ advice appreciated.
NM

 

[CodingKing]

No regular gmail is not HIPAA compliant. BAA is also required for HIPAA compliance

https://www.paubox.com/blog/is-gmail-hipaa-compliant

 

[NM36]

Thanks for the reply, CodingKing!
NM

 

[sconnell08]

Hello,

Yes, they are correct in that it is not HIPAA compliant. However, Google does offer a package called G-suite that includes more security, and they are able to sign a BAA with an organization. Quick question, does your facility have a designated compliance/privacy officer or contact? If not, I would highly suggest that your facility obtain one. A compliance program is mandatory since the implementation of the Affordable Care Act (ACA). Feel free to send me an e-mail at info@codingandcompliance.org for more information or other questions. I would be more than happy to answer them for you. Have a wonderful afternoon.