GCP – HIPAA Compliant?
Alicia: Hello everybody, thank you for joining us again today! My name is Alicia Kay, and here we have the CEO of HIPAA Vault, Gil Vidals. So today I wanted to talk about GCP, Google Cloud Platform. Is that HIPAA compliant?
Gil: Alicia you’re going to love my answer: yes and no. I hate that answer, I hate when people say that to me, yes and no. But that’s the true answer.
Alicia: Okay let me narrow it down a little bit then. What about Google email, Gmail, is that HIPAA compliant?
Gil: Gmail okay, if you’re using the free you can forget about it. And specifically the reason why free Gmail isn’t compliant is there’s no archiving, you can’t delete an email message from free Gmail and then go back and find it 6 years later. You need to have archiving and that’s not available in the free version.
Alicia: Even though it’s the https, the secure is on there?
Gil: Yes, the transport is secure, so when you send the message it’s secure, but you don’t really know who on the other end is going to be reading it, if they have it encrypted, but on top of that you don’t have the archiving, you’re not keeping the messages for years like you’re supposed to.
Alicia: Okay is there a way to make it HIPAA compliant or do you have to use a different service?
Gil: You can make free Gmail HIPAA compliant but it’s really incomplete, I would just buy the GSuite. I mean c’mon, you’re risking a lot by trying to force the free one, just buy the GSuite business or enterprise and start with that as a platform.
Alicia: So that’s what you would recommend?
Gil: I would recommend starting with that, but there’s something you need on top and that’s called the Virtru Encryption module, have you heard of that?
Gil: Okay, so the Virtru Encryption module is an add-on that has to be turned on and purchased, and it’s the only way that Google allows and provides a way to do encryption, and you have to buy that module, so we can help with that if that’s needed.
Alicia: Okay, alright, is that all you wanted to say about this topic?
Gil: Well, I think there’s more to talk about in encryption, but be careful with how you set things up, don’t just assume because it has the word “Google” in front of it it’s all ready to go. There are things you have to configure and use properly.
Alicia: Okay, alright, thank you so much guys!
Gil: Yeah leave us some comments and we’d really appreciate that, thank you!