Health Insurance Portability and Accountability Act (HIPAA) has introduced certain rules to ensure the security of medical documents. The email provider that meets the regulations specified in this act is ‘HIPAA Compliant’. Being the top leading competitors, let us see whether Google or Microsoft is HIPAA Compliant.
HIPAA Requirements While Using Email
- Ensure Strong Security: As per Section 164.314(a) of HIPAA, the health care provider should ensure that everyone who handles confidential and personally identifying information complies with the safeguards specified by HIPAA laws. Hence, it is necessary to ensure extra security for email used for sending medical documents.
- Consent from Client: A new rule named ‘Omnibus Final Rule’ was released under HIPAA on March 18, 2013. According to this rule, clients must be informed about the risks associated with sending confidential health reports through email. The authorization for communication via email should be signed only after getting consent from the clients who got the risk information. Healthcare providers usually have consent forms that clients are required to fill out before they give the authorization.
- Business Associate Agreement: Most of the healthcare providers seek help from a third party provider for email. HIPAA refers to such firms as ‘Business Associates’ and insist that it is the responsibility of the Business Associates to sign an agreement that states they assure the protection of patients’ confidential medical documents maintaining the same high standards as required of the healthcare provider.
How Google and Microsoft Deal with HIPAA Requirements
When we compare the HIPAA compliancy of Google and Microsoft, it is necessary to consider their recent endeavors namely Google Apps and Microsoft Office 365 which provide more efficient email facility along with certain services.
Google Apps include almost all types of Google services for business including Gmail, Calendar, Drive, Sheets, Sites and more. All these services can be accessed with Gmail account and are free, convenient and secure. Hence, it is well-suited for creating healthcare reports and documents and sending them via Gmail to the relevant professionals. Microsoft Office 365 is the latest product from Microsoft which provides enterprise-grade and business email facility using Microsoft Outlook. It can connect with the healthcare ecosystem by making use of robust security technologies. Single user interface is there for data sources to access more than one clinical or informational system at a time.
Here is the comparison of both products regarding HIPAA requirements. The consent requirement is not discussed in this comparison as it is managed by your own office.
Microsoft Office 365
Lack of Business Associate Agreement is the major bottleneck associated with handling healthcare documents using Gmail facility from Google. Healthcare providers using Gmail to communicate with patients are in fact violating HIPAA terms. Without a second thought, now we can say that Microsoft is HIPAA Compliant compared to Google.