4. HIPAA Rules
1. The Security Rule - administrative, technical and physical safeguards
https://www.hhs.gov/hipaa/for-professionals/security/index.html?language=es
2. The HIPAA Privacy Rule - focuses on the right of an individual
https://www.hhs.gov/hipaa/for-professionals/privacy/index.html?language=es
3. Breach Notification Rule - notification following a breach
https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html?language=es
5. What is PHI
HIPAA regulations list eighteen different personal identifiers
which, when linked together, are classed as Protected Health
Information
Who has responsibility to protect PHI?
Covered Entities, Business Associates and subcontractors
13. GCP Compliance
• SSAE16 / ISAE 3402 Type II (including SOC2 & 3)
• ISO27001, 27017, 27018
• FedRAMP
• PCI-DSS
• HIPAA
Google Cloud Platform supports HIPAA compliance (within the scope of a
Business Associate Agreement) but ultimately customers are responsible
for evaluating their own HIPAA compliance
18. G Suite
(68% of Healthcare Organizations Have Compromised Email Accounts)
19. G Suite
1. Same compliance and audits of GCP
2. HIPAA compliance & data protection with G Suite
https://static.googleusercontent.com/media/gsuite.google.com/en//terms/2015/1/hipaa_implementation_guide.pdf
3. BAA
4. Permitted services - core services
Gmail, Calendar, Drive, Hangouts*, Vault, etc.
5. Monitoring account activity
6. Separation of user access
7. Security best practices