SecOps Services HIPAA Compliance

Google supports Health Insurance Portability and Accountability Act (HIPAA) compliance (within the scope of a Business Associate Agreement) but ultimately customers are responsible for evaluating their own HIPAA compliance, including when using the SecOps Services.

Covered Services" means the In-Scope Services, excluding the Excluded Services, each as defined below.

1. In-Scope Services. The Business Associate Agreement (BAA) covers the SecOps services described below (the “In-Scope Services”)

  • Breach analytics for Chronicle
  • Mandiant Automated Defense
  • Mandiant Security Validation
  • Digital Threat Monitoring
  • Mandiant Consulting Services
  • Chronicle SIEM
  • Chronicle SOAR

2. Exclusions. Notwithstanding the foregoing, the BAA does not cover the following features or uses for the In-Scope Services (the “Excluded Features”):

a. third party services other than services provided by (i) a Google Affiliate or (ii) a cloud based infrastructure provider included in the Services

b. any on-demand analyst support

c. any non-Google services, software or hardware provided to Google personnel in connection with a Mandiant Consulting Services engagement

d. any API Integration tool that is not secure

e. any Services that are not generally available, including beta features and previews

Implementation Guide

Essential best practices:

  • Execute a BAA. You can request a BAA directly from your account manager.
  • Disable or otherwise ensure that you do not use services that are not covered by the BAA when working with PHI. 
  • Turn off Excluded Services so that end users do not use services not covered by the BAA.
Previous versions (Modificación más reciente 14 de febrero de 2024)
Google Cloud
  • ‪English‬
  • ‪Deutsch‬
  • ‪Español‬
  • ‪Español (Latinoamérica)‬
  • ‪Français‬
  • ‪Indonesia‬
  • ‪Italiano‬
  • ‪Português (Brasil)‬
  • ‪简体中文‬
  • ‪繁體中文‬
  • ‪日本語‬
  • ‪한국어‬
Consola
Google Cloud