Google Cloud Platform Gains HIPAA Agreement Support

Google Cloud Platform now includes the availability of Business Associates Agreements (BAAs) for customers who must prove HIPAA support.

Google Cloud Platform has added support for HIPAA-mandated Business Associates Agreements (BAAs), which will help health care organizations comply with the Health Insurance Portability and Accountability Act when using the Google Cloud Platform for their applications.

The BAA support, which will allow organizations to build and deploy their health care applications on the Google Cloud Platform and comply with the HIPAA requirements, was announced by Matthew O'Connor, product manager for the unit, in a Feb. 5 post on the Google Cloud Platform Blog.

"To serve developers who want to build these applications on Google's infrastructure, we're announcing support for Business Associates Agreements (BAAs) for our customers," wrote O'Connor. "A BAA is the contract between a Covered Entity (you, the developer) and their Business Associate (Google) covering the handling of HIPAA-protected information."

HIPAA is the federal law that establishes standards around privacy, security and breach notification in the handling and storage of health care records for patients. The establishment of HIPAA regulations has meant that patient records are more secure and must be handled with more care by health care organizations.

"When you're building a healthcare-related application, not only do you need the right code and a reliable user experience, sometimes it feels like you need to be a lawyer too" since the rise of HIPAA rules, wrote O'Connor. "Often, there are several additional steps to take into consideration."

When using Google Cloud Platform for applications, that can mean even more checklists and compliance issues.

"When building in the cloud, it can be challenging to ensure that you're complying with these regulations," wrote O'Connor.

In 2013, Google began entering into BAAs with Google Apps customers to support their HIPAA-regulated data, according to O'Connor.

Google already features compliance steps in its Cloud Platform and Google Enterprise services for other business users who require it, according to O'Connor, including ISO 27001, which is one of the most widely recognized, internationally accepted independent security standards. "After earning ISO 27001 for Google Apps in 2012, we renewed our certification again last year for Google Apps and received the certification for Google Cloud Platform," he wrote.