Much of the new regulatory information coming out of Washington is getting increasingly more difficult to translate into English. I was recently asked whether a medical practice could use Google’s free email service GMail instead of spending money on a mail server and its associated server software. After checking with our own head of IT, I discovered it is a bit more complicated than just picking where you want to store your emails.
Buried deep within the HITECH (Health Information Technology for Clinical and Health) Act’s Sub-Title D is the language on privacy directly related to HIPAA (Health Insurance Portability and Accountability Act). Since most of us (health care providers) are considered “covered entities”, we must ensure that not only our employees and staff abide by these rules but our “associates” do as well.
If we started using GMail for our practice’s communication, there would be patient information located on Google’s mail servers and Google would, in fact, be considered one of our associates. This would require entering into a Business Associate Contract with Google, Inc. What do you think the chances are of Google, or a similar technology firm, signing a confidentiality agreement with perhaps thousands of medical practices across the country? I thought so.