HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk Management Articles, Tips and Updates for Medical Practices and Physicians

Is Google Forms HIPAA Compliant?


Google Forms is a cloud-based form tool that can be used to conduct surveys or collect questionnaire responses.


A provider may use Google Forms to get feedback from patients about recent appointments, or to inquire if they would be interested in a particular service, should the provider choose to add it to their services.


However, before a provider may use Google Forms for this type of communication, it is important to determine whether or not Google Forms is HIPAA compliant. Google Forms HIPAA compliance is discussed below. 

Google Forms HIPAA Business Associate Agreement

A key factor when determining whether software is HIPAA compliant is the vendor’s willingness to sign a business associate agreement (BAA). Google Forms is part of Google’s G Suite offerings, and as such is covered under the G Suite business associate agreement. Before a user is permitted to use Google Forms in conjunction with protected health information (PHI), the user must sign Google’s BAA.



Google Forms HIPAA Safeguards

In addition to the vendor’s willingness to sign a BAA, HIPAA compliant software must include safeguards to ensure the confidentiality, integrity, and availability of PHI:

  • Access controls. Allows administrators to designate different access levels to information based on an employee’s job function.
  • Audit controls. Tracks access to information to ensure that protected health information is accessed in accordance with the HIPAA Privacy Rule minimum necessary standard.
  • User authentication. Utilizes unique login credentials to ensure that users are who they appear to be.
  • Encryption. Masks sensitive data so that it can only be accessed by authorized users.


Google Forms HIPAA Training

No software is fully HIPAA compliant; it is up to the end user to ensure that it is being used in a HIPAA compliant manner. Google Forms HIPAA training is essential for all users to understand how to use the platform in a HIPAA compliant manner. All employees who will be using Google Forms should be trained on proper use before they are permitted to use the platform.



Training HIPAA Breach Notification Rule Compliance


When the HIPAA Omnibus Rule went into effect in January 2013, it included new privacy and security regulations. It also modified the definition of a HIPAA breach, and included new requirements related to breach notification. If your health system has not briefed all of its employees on these changes, it needs to do so—and soon.  

Under the HIPAA Omnibus Rule, maximum penalties for HIPAA noncompliance increased to $1.5 million per violation, depending on the extent of the violation. Should a breach occur at your facility, failure to comply with the Breach Notification Rule in a timely manner could bring you closer to that maximum fine. 

To reduce the likelihood of such a problem occurring at your healthcare system, it’s a good idea to dedicate one of your HIPAA training sessions to the Breach Notification Rule. Here are five of the most important issues to focus on during HIPAA training.

#1: Training on the definition of a breach and on the definition of protected health information (PHI).

To ensure your employees help you comply with the Breach Notification Rule, you must first make sure that they understand what constitutes a breach. If they do not, they may fail to recognize a breach when one occurs at your healthcare system, and therefore fail to help you take the appropriate measures required under the notification rule.

In addition to defining a breach during training sessions, share examples of real-world breaches that have occurred at similar healthcare systems. This will help employees gain a more thorough understanding of what constitutes a breach.

#2: Training on the notification rule.

Your employees must also understand what steps they should take if they suspect a breach has occurred. Depending on how many individuals are affected by the breach, HIPAA requires covered entities to notify the affected individuals, the media, and HHS within 60 days following the discovery of the breach.

To ensure employees understand the importance of acting quickly, make sure they are aware of the basic notification rule requirements, as well as the penalties your healthcare system will face for failure to comply.

Note: The individuals who will be responsible for complying with the breach notification requirements once a breach has occurred, such as your organization’s HIPAA compliance officer, should receive special, more in-depth training on how to handle this process appropriately. For more information, visit www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html. 

#3: Training on how employees should handle a suspected breach. 

Your employees may be the first to identify a potential HIPAA breach, so provide guidance during training sessions regarding how they should handle such a scenario. Make sure they know who is in charge of HIPAA compliance and how to contact that individual if they suspect a breach. Also, tell them what to expect if they do voice concerns of a suspected breach, such as how they will need to share who they believe may have been involved, how the breach may have occurred, when it may have occurred, and what information may have been breached. 

Keep in mind that employees may fear coming forward regarding suspicions of a breach due to fear of backlash from the employees involved. For that reason, make sure employees understand that any concerns they voice regarding a suspected breach will be kept confidential. 

#4: Training on consequences for failure to comply. 

During training sessions, notify employees of the consequences associated with breaches and failure to notify the compliance officer if a breach has occurred. These consequences should be consistent for all employees, including physicians and administrators. 

You may also want to state whether these penalties vary depending on the extent of the violation. For instance, immediate termination may result from a willful disclosure of PHI with malicious intent, while mandatory training may be required if an employee accidentally discloses PHI. Provide employees with a document outlining the various scenarios and penalties.

#5: Training on protections for those who come forward about suspected breaches. 

In addition to making the penalties and consequences for violations clear, you may also want to make employees aware that in certain situations, they may be afforded protections. For instance, if an employee who took action that may have led to a breach voluntarily admits his or her mistake in a timely manner, that may lessen the consequences associated with the potential breach. This may increase the likelihood that employees will come forward.
