What is the purpose of the BAA (Business Associate Agreement) with Google and how is it executed?
The BAA allows covered entities and business associates to enter into an agreement with Google that governs the processing of PHI through Google Cloud.
In order to execute a BAA, organizations that use Google Cloud should talk to their account managers about entering into a BAA with us.
Is having a BAA with Google Cloud sufficient to ensure my organization’s compliance with HIPAA?
The covered entity that enters into the BAA with Google Cloud is responsible for building a HIPAA compliant solution using the approved Google Cloud services. After the solution is built, the covered entity is responsible for the implementation of compliance controls.
Can my organization request to modify the BAA?
The BAA is not subject to modification.