How to Sign BAA with Google Workspace

To comply with HIPAA (Health Insurance Portability and Accountability Act) regulations, organizations in the healthcare industry or handling Protected Health Information (PHI) need to sign a Business Associate Agreement (BAA) with Google when using Google Workspace. Here’s a step-by-step guide on how to sign a BAA with Google Workspace:

Step 1: Verify Eligibility for Google Workspace BAA

  • Only Google Workspace customers using paid plans (such as Business, Enterprise, or Education) are eligible to sign a BAA with Google.
  • Ensure your organization meets HIPAA requirements, and that Google Workspace will only be used for HIPAA-covered activities.

Step 2: Log in to the Google Admin Console

  • Go to the Google Admin Console and log in with a super admin account for your organization.
  • The super admin role is required to access and sign the BAA in the Google Workspace settings.

Step 3: Navigate to the BAA Agreement Section

  • In the Admin Console, go to Account Settings.
  • From here, select Legal & Compliance.

Step 4: Review Google’s HIPAA Implementation Guide

  • Before signing the BAA, it’s recommended to review Google’s HIPAA Implementation Guide to understand how to configure and use Google Workspace in a HIPAA-compliant way.
  • This guide will outline the HIPAA-compliant services within Google Workspace and the specific configuration settings you should enable to safeguard PHI.

Step 5: Request and Sign the BAA

  • In the Legal & Compliance section, you’ll see the option to review and accept the Business Associate Agreement.
  • Click on the HIPAA Business Associate Agreement link to open and review the document.
  • Read through the terms of the agreement, which outline Google’s obligations regarding the handling of PHI.
  • If you agree with the terms, check the “I accept” box and submit your acceptance.

Step 6: Configure Google Workspace for HIPAA Compliance

  • After signing the BAA, ensure your Google Workspace environment is configured to comply with HIPAA by:
    • Enabling two-step verification for all users.
    • Configuring data loss prevention (DLP) settings for Gmail and Drive.
    • Setting up access controls to restrict PHI access only to authorized personnel.
  • Google’s HIPAA Implementation Guide will provide specific instructions for setting up these configurations.
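A way to check the first item above after the fact, as an added example that is not part of the original guide: it reads the `users` array an Admin SDK Directory API `users.list` call returns (the `isEnrolledIn2Sv` and `isEnforcedIn2Sv` fields) and lists active accounts where two-step verification is missing. The JSON below is a constructed sample, not an export from a real tenant.

```python
"""Audit a Google Workspace user list for two-step verification (2SV) gaps."""
import json

# Constructed sample of the `users` array from a Directory API users.list response.
# Only the fields the audit needs are included; real responses carry many more.
SAMPLE_USERS_JSON = """
[
  {"primaryEmail": "admin@example.com",   "isAdmin": true,  "suspended": false,
   "isEnrolledIn2Sv": true,  "isEnforcedIn2Sv": true},
  {"primaryEmail": "nurse@example.com",   "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": true},
  {"primaryEmail": "billing@example.com", "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": true,  "isEnforcedIn2Sv": false},
  {"primaryEmail": "former@example.com",  "isAdmin": false, "suspended": true,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false}
]
"""


def find_2sv_gaps(users):
    """Return active users not enrolled in 2SV and active users for whom 2SV is
    not enforced by policy. Suspended accounts are skipped: they cannot sign in,
    so they do not widen the PHI exposure this check is about."""
    not_enrolled, not_enforced = [], []
    for user in users:
        if user.get("suspended"):
            continue
        email = user["primaryEmail"]
        if not user.get("isEnrolledIn2Sv", False):
            not_enrolled.append(email)
        if not user.get("isEnforcedIn2Sv", False):
            not_enforced.append(email)
    return {"not_enrolled": sorted(not_enrolled), "not_enforced": sorted(not_enforced)}


def audit_from_json(text):
    """Parse a users.list `users` array (JSON text) and run the 2SV audit."""
    return find_2sv_gaps(json.loads(text))


if __name__ == "__main__":
    report = audit_from_json(SAMPLE_USERS_JSON)
    for key, emails in report.items():
        print(f"{key}: {', '.join(emails) or 'none'}")
```

Point `audit_from_json` at the saved output of a real `users.list` query (paginated, so concatenate all pages) to get the list of accounts that still need enrollment or an enforcing policy.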

Step 7: Document and Maintain Compliance

  • Maintain documentation of the signed BAA for compliance purposes.
  • Periodically review your Google Workspace settings and policies to ensure ongoing HIPAA compliance, especially if new features or services are added.

By following these steps, you can secure a signed BAA with Google, enabling your organization to use Google Workspace while meeting HIPAA requirements for handling sensitive healthcare data.
