[Micronet] HIPAA agreement with google apps

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] HIPAA agreement with google apps

Dav Clark
Apparently, an org can obtain HIPAA compliance for protected health information (PHI) by signing a HIPAA Business Associate Agreement (BAA):


Since the campus is not a HIPAA covered entity, I'm guessing we've not done this. But is there a way I could find out?

Many thanks!
--
Dav Clark
Data Scientist
UC Berkeley D-Lab
510-664-7000

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] HIPAA agreement with google apps

Rick Jaffe
Dav,

For more information, email:

[hidden email]
or [hidden email] for more information.

Rick


On Sat, Aug 23, 2014 at 11:49 AM, Dav Clark <[hidden email]> wrote:
Apparently, an org can obtain HIPAA compliance for protected health information (PHI) by signing a HIPAA Business Associate Agreement (BAA):


Since the campus is not a HIPAA covered entity, I'm guessing we've not done this. But is there a way I could find out?

Many thanks!
--
Dav Clark
Data Scientist
UC Berkeley D-Lab
510-664-7000


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] HIPAA agreement with google apps

paul rivers

The first link accurately represents the current relationship of UC to Google with respect to PHI. Google should not be used for this purpose at present. 

We do have covered components on this Campus subject to HIPAA. An appropriate BAA in place would merely be a prerequisite for compliance. There would remain many other obligations on a Campus unit for HIPAA compliance that would not be transferred to the partner.

If you are or might be subject to HIPAA, please contact us as early as possible so we can discuss. The Campus is currently hiring positions which will have the required HIPAA Privacy Officer role and the HIPAA Security Officer role. There are people serving in these roles in the interim (Linda Williams for Privacy, me for security). An email to [hidden email] is the best way to start such an engagement.

Regards,
Paul


On Aug 23, 2014, at 12:46 PM, Rick Jaffe <[hidden email]> wrote:

Dav,

For more information, email:

[hidden email]
or [hidden email] for more information.

Rick


On Sat, Aug 23, 2014 at 11:49 AM, Dav Clark <[hidden email]> wrote:
Apparently, an org can obtain HIPAA compliance for protected health information (PHI) by signing a HIPAA Business Associate Agreement (BAA):


Since the campus is not a HIPAA covered entity, I'm guessing we've not done this. But is there a way I could find out?

Many thanks!
--
Dav Clark
Data Scientist
UC Berkeley D-Lab
510-664-7000


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] HIPAA agreement with google apps

Dav Clark
As usual, micronet turns out to be a great place to quickly track down helpful folks with the right information!

In short, I'm working on co-ordinating mobile (web / phone / tablet) experiments in my role at D-Lab and BIDS. At this time, I'm not going to personally be collecting PHI or advising anyone to collect PHI over Qualtrics or Google Forms at Berkeley.

I am currently working with some folks at Kennedy Krieger in Baltimore in an advisory role (I won't get direct access to any human subjects data, and Hopkins / Krieger have excellent procedures in this regard). So part of my personal concern is the use of software that would be easy to use at multiple sites if and when we get to that.

That said, as I start collecting information for supporting local research, I'll be sure to follow up on some of the offers for consultation here!

Best,
Dav


On Sat, Aug 23, 2014 at 1:34 PM, paul rivers <[hidden email]> wrote:

The first link accurately represents the current relationship of UC to Google with respect to PHI. Google should not be used for this purpose at present. 

We do have covered components on this Campus subject to HIPAA. An appropriate BAA in place would merely be a prerequisite for compliance. There would remain many other obligations on a Campus unit for HIPAA compliance that would not be transferred to the partner.

If you are or might be subject to HIPAA, please contact us as early as possible so we can discuss. The Campus is currently hiring positions which will have the required HIPAA Privacy Officer role and the HIPAA Security Officer role. There are people serving in these roles in the interim (Linda Williams for Privacy, me for security). An email to [hidden email] is the best way to start such an engagement.

Regards,
Paul


On Aug 23, 2014, at 12:46 PM, Rick Jaffe <[hidden email]> wrote:

Dav,

For more information, email:

[hidden email]
or [hidden email] for more information.

Rick


On Sat, Aug 23, 2014 at 11:49 AM, Dav Clark <[hidden email]> wrote:
Apparently, an org can obtain HIPAA compliance for protected health information (PHI) by signing a HIPAA Business Associate Agreement (BAA):


Since the campus is not a HIPAA covered entity, I'm guessing we've not done this. But is there a way I could find out?

Many thanks!
--
Dav Clark
Data Scientist
UC Berkeley D-Lab
510-664-7000


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Dav Clark
Data Scientist
UC Berkeley D-Lab
510-664-7000

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.