Is Google Forms HIPAA Compliant? | HIPAA Compliance for Medical Practices | Scoop.it

Google Forms is a cloud-based form that can be used to conduct surveys or fill out questionnaires.

 

A provider may use Google Forms to get feedback from patients about recent appointments, or to inquire if they would be interested in a particular service, should the provider choose to add it to their services.

 

However, before a provider may use Google Forms for this type of communication, it is important to determine whether or not Google Forms is HIPAA compliant. Google Forms HIPAA compliance is discussed below. 

Google Forms HIPAA Business Associate Agreement

A key factor when determining a software’s HIPAA compliance is the willingness to sign a business associate agreement (BAA). Google Forms is part of Google’s G Suite offerings, and as such is covered under the G Suite business associate agreement. Before a user is permitted to use Google Forms in conjunction with protected health information (PHI), the user must sign Google’s BAA.

 

For more information on how to get your Google Forms HIPAA BAA, please click here.

Google Forms HIPAA Safeguards

In addition to its willingness to sign a BAA, HIPAA compliant software must include safeguards to ensure the confidentiality, integrity, and availability of PHI: 

  • Access controls. Allows administrators to designate different access levels to information based on an employee’s job function.
  • Audit controls. Tracks access to information to ensure that protected health information is accessed in accordance with the HIPAA Privacy Rule minimum necessary standard.
  • User authentication. Utilizes unique login credentials to ensure that users are who they appear to be.
  • Encryption. Masks sensitive data so that it can only be accessed by authorized users.

For more information on Google Forms HIPAA compliant configuration, please click here.

Google Forms HIPAA Training

No software is fully HIPAA compliant, it is up to the end user to ensure that it is being used in a HIPAA compliant manner. Google Forms HIPAA training is essential for all users to understand how to use the platform in a HIPAA compliant manner. All employees that will be using Google Forms should be trained on proper use before they are permitted to use the platform.