Webroot Spikes CPU (dramatically)

Gmail as you know it, will not, and never will be HIPAA compliant. Let’s state it for the record: there is no possibility of HIPAA compliance with free Gmail accounts. Google only offers the possibility of HIPAA compliance for paid Google Apps customers with their own domain name. Anyone stating otherwise isn't a certified HIPAA compliance officer, and is giving bad (or worse - dangerous) information. If you sign up for Google Apps, request and sign their BAA, then start sending emails out, you could very quickly be in violation of HIPAA.

 

I am just referring to the link provided i.e.

So you are also questioning the above?
All to say that generalizing is not always useful or correct...

But let's closed it here as this is going really Offtopic ... Waiting for the log via UPS parcel... Lol

 

Agreed, too far off tangent. All I will say is simply because Google will sign BAA's, doesn't mean it's fully compliant. The free Gmail offering is not, and will never be HIPAA compliant, the BAA's are specifically for their business packages. But even then don't assume with a BAA you are compliant. Google will sign a BAA, but that does not meet all the compliance issues. ePHI must be encrypted at rest or in motion (with very few exceptions). It is not encrypted when you send the email to somebody outside your network. So not compliant.

Gmail - Not HIPAA compliant.
Google Business Packages - Not HIPAA compliant.
Google Business Packages with signed BAA - Partially HIPAA compliant.

I find many practioners actually using Gmail free, under the false assumption it's complaint. Not a problem, unless audited, and then the problems arise, and you start writing checks for fines. I've seen doctors hit with six figure fines, it's serious business, part of the reason there are extensive certifications and courses for compliance officers, and auditing agents.

Back on topic though! Sorry for derail. Good read here;

http://www.4medapproved.com/hitsecurity/hipaa-compliant-e-mail/