Expanding the reach of Google Cloud Platform’s HIPAA-compliant offerings for healthcare
Rohit Talreja
Technical Program Manager, Healthcare & Life Sciences Compliance, Google Cloud Platform
Joe Corkery, M.D.
Director of Product Management, Healthcare & Life Sciences, Google Cloud
At Google Cloud, we strive to create innovative and elegant solutions to help you address the unique challenges of your industries. In particular, we have a strong and growing focus on making Google Cloud the best platform for the healthcare industry as has been evidenced at numerous events over the past year, including HIMSS, RSNA and Google Cloud Next. We’ve showcased a number of solutions, including a clinical data warehouse, integration with multiple radiology workflows, an API-enabling an entire country’s healthcare system, as well as a petabyte-scale genomics processing capabilities.
Of course, no solution, whether it be for handling patient data or billing records, can be considered complete without proper consideration of the relevant data security and compliance requirements. Google Cloud Platform (GCP) offers market-leading security technologies, such as encryption by default, both at rest and in transit, trusted server boot and data loss prevention tools, which can help our customers jumpstart their compliance journeys. We've been steadily increasing the number of services covered by the Google Cloud Platform HIPAA Business Associate Agreement (BAA) in line with the overall growth of the product suite. Currently, we have around 75% of applicable GCP services covered under our BAA.
Today we're excited to announce a new addition to our HIPAA BAA, Google App Engine. App Engine offers customers the ability to build highly scalable web and mobile applications without having to worry about managing the underlying infrastructure and other overhead that comes from managing large-scale web applications. With this release, customers will now be able to leverage App Engine to build applications serving the healthcare sector. Many of our customers, for example CSG Actuarial, LLC, are already taking advantage of these additions:
CSG Actuarial, LLC utilizes Google Cloud Platform to quickly design and implement innovative solutions for producers in the insurance industry. We are excited to be introducing a multi-carrier Medicare Supplement online enrollment tool in February, where we will be able to securely store personal health information with Google App Engine under the Google Cloud Platform HIPAA BAA
— Bryan Neary, Principal, CSG Actuarial, LLC
In addition, GCP’s AI and machine learning capabilities, including the Speech, Translation, Vision, and Natural Language APIs, as well as Cloud Machine Learning Engine, are covered by the HIPAA BAA. These products allow customers to leverage pre-trained models in the form of APIs and custom trained models with Cloud Machine Learning Engine. Cloud Machine Learning Engine provides a managed solution for the popular TensorFlow open source machine learning framework, allowing customers to develop, train, and run custom models on HIPAA-covered data on Google Cloud.
The ability to train robust machine learning models in a secure, privacy-respecting and HIPAA compliant manner is central to our business. We found Google Cloud Platform to go beyond our expectations in terms of supporting infrastructure enabling us to focus on developing our core application and building on top of the stack that GCP provides.
—John Axerio-Cilies, CTO, Arterys
While there's no formal certification process recognized by the US Department of Health and Human Services for HIPAA compliance, and complying with HIPAA is a shared responsibility between the customer and Google, GCP has undergone several independent audits to assess the controls present in our systems, facilities and operations. This includes the ISO 27018 international standard of practice for protection of personally identifiable information in public cloud services. More information on GCP’s security and compliance efforts, as well as the complete list of services covered by our HIPAA BAA, can be found on our comprehensive compliance site here.
In addition to supporting healthcare, we have also developed industry guidance for life sciences customers working to deploy and validate “good practices” (commonly referred to as GxP) on GCP. Please contact a Google Cloud representative for details. Our recently announced partner, Flex, just launched its BrightInsight platform, built on GCP, that enables pharmaceutical and medical technology companies to optimize therapies through better data management and analysis from Class I, II and III medical devices and combination products. BrightInsight will accelerate the R&D and go-to-market timelines for these companies by delivering a secure, managed infrastructure service for regulated medical devices and therapies, and provides a platform for the development of advanced machine learning and analytics capabilities to deliver real-time actionable insights to its customers.
Flex saw the need for a secure cloud platform designed to support highly-regulated connected drug delivery and medical devices, going beyond simple connectivity to deliver real-time intelligence and actionable insights. Through our strategic partnership with Google, we will be able to deliver a new level of intelligence to healthcare all built within a regulated, managed services framework that is designed to comply with the varying privacy and security laws around the world.
— Kal Patel, MD, Senior Vice President of Digital Health, Flex
To learn more about what we’re doing in the healthcare and life sciences space, visit us at HIMSS this week. In particular, come learn the basics of how to set up a project in the Developer Innovation Lab that can support HIPAA compliance so that you can take advantage of our comprehensive infrastructure, analytics and machine learning capabilities.