The HIPAA Guide - Celebrating Over 15 Years Online

Can Google Sheets Be Used with PHI by Healthcare Organizations?

March 11, 2024HIPAA Advice Articles0

Can Google Sheets Be Used with PHI by Healthcare Organizations

Google Sheets can be used with PHI by healthcare organizations provided the program is used as part of a Google Workspace account that is configured to control access to Google Sheets stored in Google Drive, and provided healthcare organizations agreed to Google’s Business Associate Addendum to the Workspace Terms of Service.

The HIPAA Rules require healthcare organizations to implement safeguards that keep the confidentiality, availability and integrity of PHI. It is easier to secure data with internal system controls in place. However, when third parties are contracted for services that require PHI access, the only way to ensure data security is to oblige the service provider to abide by HIPAA rules covering security, privacy and breach notifications.

A third-party that is given access to PHI in order to perform its services is considered as a business associate. Before providing any service or accessing PHI, a business associate must first enter into a contract called business associate agreement (BAA) with the HIPAA-covered entity. As stipulated in the agreement, the business associate promises to comply with the applicable rules covering HIPAA Privacy, Security and Breach Notification. It is considered a HIPAA violation if sharing of PHI takes place before a BAA is signed.

Even though Google claims that it does not view any information stored in Google Sheets, a BAA is still required because Google can potentially access the stored information on its servers. Google acknowledges the requirements of HIPAA and is committed to protecting the data privacy of users. Hence, there is no problem with Google when it comes to signing a BAA.

In fact, it is mentioned in Google’s terms and conditions that HIPAA covered entities and business associates that wish to use G Suite, which includes Google Drive, Google Docs, Google Sheets, Google Forms and Google Slides, with PHI must first have a duly-signed BAA. Google supports HIPAA compliance and willingly signs a BAA for the following products: G Suite Basic, G Suite for Education, G Suite Business and G Suite Enterprise domains.

Once the  necessary BAA is signed for the use of Google Sheets and other G Suite products, the responsibility to use these products in a manner that will not violate HIPAA Rules rests on the covered entity and business associate.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

Copyright © 2007-2024 The HIPAA Guide       Site Map      Privacy Policy       About The HIPAA Guide       Terms and Conditions       Accessibility Statement