maharlika

Is Google calendar HIPAA compliant?

Would like to know if anyone is an expert on HIPAA regs--we want to use a shared Google calendar to schedule patients in a clinic. I've seen articles saying both ways--that this is and is not HIPAA compliant. I know our Gmail accounts aren't encrypted and therefore are not compliant for sending patient data, so I assume other Google apps are not unless we specifically get an encrypted version. Thanks for your input.
ASKER CERTIFIED SOLUTION
TheSchwenkster
First off, no technology itself can ever be HIPAA compliant, as compliance requires policies, procedures, and validation of how the technology is used.

All Google Apps data is encrypted at rest and, by setting, in transit.  Google Calendar, if implemented properly, can be part of a HIPAA compliant solution.  You need to manage ownership and access to the calendar properly, and have policies/procedures in place to verify this is done.

Google Health is a different product.   It is not covered by HIPAA because it is for the end user (patient).
Anything that could possibly identify the patient is prohibited. Anything - so you couldn't use their name, address, etc., only maybe a unique number that you assign to each person. It is very strict, for example, I have three people in my house that order medicine on-line. I mean immediate family - we all know each other's business - I still have to have a separate e-mail account for each person because the pharmacy uses their e-mail address as their account identifier. That is the only option I have.

I have a slew of doctors.  They all make me telephone for appointments.  Which they write down in an appointment book.  If I forget or want to know about it, I have to call in and ask.
Are you looking to make the schedule visible to patients for requesting appointments, or just for internal appointment management?

If for patients, there are solutions that provide a secure portal in front of the calendar that maintain privacy.
maharlika

ASKER

allenfalcon: this would only be for the physicians' office internal use
maharlika: Then the system offers the encryption and security required to keep the data private.