Google Cloud Platform Gains HIPAA Agreement Support

By Todd R. Weiss  |  Posted 2014-02-10

Google Cloud Platform Gains HIPAA Agreement Support

Google Cloud Platform has added support for HIPAA-mandated Business Associates Agreements (BAAs), which will help health care organizations comply with the Health Insurance Portability and Accountability Act when using the Google Cloud Platform for their applications.

The BAA support, which will allow organizations to build and deploy their health care applications on the Google Cloud Platform and comply with the HIPAA requirements, was announced by Matthew O'Connor, product manager for the unit, in a Feb. 5 post on the Google Cloud Platform Blog.

"To serve developers who want to build these applications on Google's infrastructure, we're announcing support for Business Associates Agreements (BAAs) for our customers," wrote O'Connor. "A BAA is the contract between a Covered Entity (you, the developer) and their Business Associate (Google) covering the handling of HIPAA-protected information."

HIPAA is the federal law that establishes standards around privacy, security and breach notification in the handling and storage of health care records for patients. The establishment of HIPAA regulations has meant that patient records are more secure and must be handled with more care by health care organizations.

"When you're building a healthcare-related application, not only do you need the right code and a reliable user experience, sometimes it feels like you need to be a lawyer too" since the rise of HIPAA rules, wrote O'Connor. "Often, there are several additional steps to take into consideration."

When using Google Cloud Platform for applications, that can mean even more checklists and compliance issues.

"When building in the cloud, it can be challenging to ensure that you're complying with these regulations," wrote O'Connor.

In 2013, Google began entering into BAAs with Google Apps customers to support their HIPAA-regulated data, according to O'Connor.

Google already features compliance steps in its Cloud Platform and Google Enterprise services for other business users who require it, according to O'Connor, including ISO 27001, which is one of the most widely recognized, internationally accepted independent security standards. "After earning ISO 27001 for Google Apps in 2012, we renewed our certification again last year for Google Apps and received the certification for Google Cloud Platform," he wrote.

Google Cloud Platform Gains HIPAA Agreement Support

Google Cloud Platform also includes support for the SOC2, the SSAE 16 Type II audits and for its international counterpart, the ISAE 3402 Type II audit, so that users can document and verify the data protections in place for their services, wrote O'Connor.

"We've successfully completed these audits for Google Apps every year since 2008 (when the audits were known by their previous incarnation, SAS 70) and we did so again last year for Google Apps and Google Cloud Platform," he wrote.

Google is always working to expand the customer features of its Google Cloud Platform offering. In November 2013, Google began a program to show game developers how they could build scalable games using the platform so they could expand their games to more users as needed.

In late October 2013, Google replaced its old Google API Console with a new, expanded and redesigned Google Cloud Console to help developers organize and use the more than 60 APIs now offered by Google. The new Google Cloud Console makes managing the over 60 Google APIs housed within easier than ever, according to Google. Soon the new cloud console will be set as the default choice for the console by Google, though users will have the ability to revert back to the old version.

Also in October, Google released several technical papers to help cloud developers learn more about the development tools it offers through its Google Compute Engine services. The papers, "Overview of Google Compute Engine for Cloud Developers" and "Building High Availability Applications on Google Compute Engine," offer insights and details about how the platform can be used and developed for business users.

In September 2013, Google unveiled its second version update of the Google App Engine since August, with the latest release 1.8.4 including a host of features that the company says will make it more flexible and simpler for developers to use for their applications. Included in 1.8.4 is support for Dynamic Web Projects in Eclipse to better support Google Cloud Endpoints and App Engine Backends, as well as fixes for several bugs. One other important new feature is the ability of Google App Engine to handle differential snapshots of a Google Compute Engine persistent disk, so that only the most recently changed data is updated.

The August launch of the previous App Engine 1.8.3 was also accompanied by deeper features for Google Compute Engine and the Google Cloud Datastore as the search giant continues to add functions and robustness to the Google Cloud Platform.

The new tools included Layer 3 load balancing for Google Compute Engine and improvements to the PHP runtime in the latest Google App Engine release. The Layer 3 load balancing capabilities were a key addition in the Google Compute Engine, to provide Google-scale throughput and fault tolerance to manage Internet applications.

In July 2013, Google unveiled several new features in the Google Cloud Storage environment to make it easier for developers to manage, access and upload data into the cloud. Those new capabilities included automatic deletion policies, regional buckets and faster uploads as part of a wide range of services.

In June 2013, Google unveiled a new Cloud Playground environment where developers can quickly try out ideas on a whim, without having to commit to setting up a local development environment that's safe for testing coding experiments outside of the production infrastructure. The Cloud Playground is slated as a place where application developers can try out all kinds of things, from sample code to viewing how production APIs will behave, in a safe, controlled place without having to manage the testing environment, according to Google. The new Cloud Playground initially supported only Python 2.7 App Engine apps.

Rocket Fuel