Google Slides is a web-based presentation editor that can be used to create slide shows, project presentations and training material. It can be used for free by any person who doesn’t have a software program with the same functionality like Microsoft PowerPoint.
Is it possible for healthcare organizations to use Google Slides in connection with electronic protected health information without violating HIPAA Rules? When creating training courses or slideshows that use sensitive health data, caution must be exercised. Google Slides is not exempt from the HIPAA and using it with PHI could potentially violate patient privacy and HIPAA rules resulting in financial penalty.
To avoid violating HIPAA when using Google Slides with ePHI, healthcare organizations need to enter into a business associate agreement (BAA) with Google before using the web-based editor. Google has been offering a BAA for healthcare organizations to cover the use of G Suite and Google Drive. Use of Google Drive already includes Google Docs, Google Sheets, Google Slides and Google Forms.
Healthcare organizations that use Google Drive services need to control access to files created or stored on Google Drive. Viewing of files and links must be restricted to authorized individuals only. Sharing permissions must have the proper configuration to ensure no accidental disclosure of ePHI will occur. When naming files, do not use ePHI. Third-party applications must be disabled. If it is necessary to use an application, its security and documentation must be assessed first. Developers of third-party applications are considered as business associates. Hence, BAAs are necessary when using the apps with PHI.
As long as a BAA with Google is available prior to using Google Slides, permissions have been configured correctly, and HIPAA-compliant practices are followed, healthcare organizations can use Google Slides without HIPAA Rules violation.