Google cloud gets on board with HIPAA

By Erin McCann
05:00 AM
To all the developers building applications in the cloud that need to comply with HIPAA privacy rules: You've just gained a big ally. 
Internet behemoth Google recently announced its cloud platform will now be HIPAA-friendly and will support business associate agreements going forward. 
Google started inking business associate agreements back in 2013, when the HIPAA Final Omnibus Rule went into effect and made business associates (BAs) accountable for violating certain HIPAA privacy and security rules.

This February, the company went one step further. 
"To serve developers who want to build these applications on Google's infrastructure, we're announcing support for business associates agreements for our customers," wrote Google Cloud Platform Product Manager Matthew O'Connor, in a Feb. 5 company post. "We’re looking forward to supporting customers who are subject to HIPAA regulations on Google Cloud Platform."
The HIPAA Final Omnibus Rule took effect in September 2013, and it made BAs directly liable for violations of HIPAA rules. The rule also expanded the definition of a BA to include health information organizations, e-prescribing gateways, PHR providers, patient safety organizations and subcontractors with access to protected health information. Moreover, subcontractors are now defined as business associates.
After the rule went into effect, many covered entities reported having difficulties getting BAs to actually sign business associate agreements. 
Healthcare IT News spoke with BakerHostetler's Privacy and Security Attorney Ted Kobus back in August 2013, right before the HIPAA final rule took effect. He said that, overall, BAs have been less prepared.

"We see them asking for help with compliance issues, business associate agreements, questions about cloud computing and general compliance questions," Kobus said.

Lynn Sessions, healthcare privacy attorney, also with BakerHostetler, works with many of the more sophisticated BAs on updating their agreements; she said the ones dragging their feet with HIPAA are the cloud providers.

Organizations "new to the party, like cloud providers who thought they were never business associates in the first place, are having to play catch up," said Sessions.

Cloud computing in healthcare is poised for explosive growth. By the end of 2013, analysts estimated the global market would hit nearly $4 billion, representing more than 21 percent growth from 2012, according to the findings of a September 2013 Kalorama report. In comparison, health IT spending over the year was only projected to increase by nearly 11 percent.

"EMR is driving this market," said Bruce Carlson, publisher of Kalorama Information, in a Sep. 19 press statement. "Hospitals are building great systems for gathering electronic records, but they need solutions to store all of that data, and it can't be a new server wing that might compete with needed space for care."
