The Health Insurance Portability and Accountability Act of 1996 (HIPAA) - Google Professional Data Engineer (GCP)
- A federal law applicable in the USA
- establishes data privacy and security requirements for individuals' protected health information (PHI)
- organizations responsible for protecting individuals' PHI are defined as "covered entities" or "business associates"
- Customers should review Google’s Business Associate Agreement (BAA).
- Google products covered by the BAA meet the HIPAA requirements, and the BAA covers Google's entire infrastructure:
  - all regions
  - all zones
  - all network paths
  - all points of presence
Customer Responsibilities
- The customer should determine whether it is a Covered Entity (or a Business Associate of a Covered Entity).
- If so, a BAA with Google is needed before PHI is stored or processed on GCP.
- Google provides a secure and compliant infrastructure for the storage and processing of PHI; the customer is responsible for
  - the environment and applications built on the GCP platform
  - their configuration and security as per HIPAA requirements
- This is referred to as the shared security (shared responsibility) model in the cloud.
Essential best practices:
- Execute a Google Cloud BAA
- Ensure that GCP products not covered by the BAA are not used for PHI
HIPAA best practices:
- Use IAM best practices
- Determine whether the organization has encryption requirements beyond the HIPAA Security Rule
- Enable Object Versioning in Cloud Storage.
- Configure audit log export destinations
- Configure access control for the logs
- Periodically review audit logs for security and compliance
- Encrypt PHI or other sensitive data
- Avoid including PHI in
  - Dialogflow Enterprise agent definitions
  - a resource's metadata
  - build config files, source control files, or other build artifacts
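Several of the practices above (Object Versioning, audit log export, access control on the logs and on PHI data, encryption beyond the Security Rule) can be verified from the resource descriptions GCP returns. The checker below is an added example, not Google's code or part of the original notes. It works offline on dictionaries shaped like the Cloud Storage JSON API bucket resource, the IAM policy format and the Cloud Logging sink representation as I understand them; the field names are assumptions to confirm against the API reference, and the sample resources at the bottom are constructed for the example.

```python
"""Offline checker for a few HIPAA-on-GCP best practices (added example).

Field names follow the Cloud Storage JSON API bucket resource, the IAM policy
format and the Cloud Logging LogSink representation as I understand them;
treat them as assumptions. The sample resources below are constructed.
"""
from typing import Dict, List

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}
# Basic (primitive) roles grant far more than PHI handling needs.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def check_bucket(bucket: Dict) -> List[str]:
    """Findings for a PHI bucket's own configuration."""
    findings = []
    if not bucket.get("versioning", {}).get("enabled", False):
        findings.append("Object Versioning disabled: overwritten or deleted PHI cannot be recovered")
    iam_cfg = bucket.get("iamConfiguration", {})
    if not iam_cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        findings.append("uniform bucket-level access disabled: per-object ACLs make access review hard")
    if iam_cfg.get("publicAccessPrevention") != "enforced":
        findings.append("public access prevention not enforced")
    if not bucket.get("encryption", {}).get("defaultKmsKeyName"):
        # Relevant when the organization's encryption requirements exceed the Security Rule.
        findings.append("no customer-managed default KMS key configured")
    return findings


def check_iam_policy(policy: Dict, label: str) -> List[str]:
    """Findings for an IAM policy, used for both the PHI bucket and the log bucket."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role in BASIC_ROLES:
            findings.append(f"{label}: basic role {role} granted; use a narrower predefined or custom role")
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append(f"{label}: public principal {member} holds {role}")
    return findings


def check_audit_export(sinks: List[Dict], expected_destination: str) -> List[str]:
    """Findings about sinks that export Cloud Audit Logs."""
    audit_sinks = [s for s in sinks if "cloudaudit.googleapis.com" in s.get("filter", "")]
    if not audit_sinks:
        return ["no logging sink exports Cloud Audit Logs"]
    findings = []
    for sink in audit_sinks:
        name = sink.get("name")
        if sink.get("destination") != expected_destination:
            findings.append(f"sink {name} exports audit logs to {sink.get('destination')}, "
                            f"expected {expected_destination}")
        if sink.get("disabled", False):
            findings.append(f"sink {name} is disabled")
    return findings


def review(bucket: Dict, bucket_policy: Dict, sinks: List[Dict],
           log_bucket_policy: Dict, expected_destination: str) -> List[str]:
    """Run every check and return the combined list of findings (empty = pass)."""
    return (check_bucket(bucket)
            + check_iam_policy(bucket_policy, "phi bucket")
            + check_audit_export(sinks, expected_destination)
            + check_iam_policy(log_bucket_policy, "audit log bucket"))


# --- constructed sample resources: a weak configuration and a hardened one ---
EXPECTED_DESTINATION = "storage.googleapis.com/example-audit-logs"

WEAK_BUCKET = {"name": "phi-intake", "versioning": {"enabled": False},
               "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": False},
                                    "publicAccessPrevention": "inherited"},
               "encryption": {}}
WEAK_BUCKET_POLICY = {"bindings": [{"role": "roles/storage.objectViewer", "members": ["allUsers"]},
                                   {"role": "roles/editor", "members": ["user:analyst@example.com"]}]}
WEAK_SINKS: List[Dict] = []
WEAK_LOG_POLICY = {"bindings": [{"role": "roles/viewer", "members": ["allAuthenticatedUsers"]}]}

HARDENED_BUCKET = {"name": "phi-intake", "versioning": {"enabled": True},
                   "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": True},
                                        "publicAccessPrevention": "enforced"},
                   "encryption": {"defaultKmsKeyName":
                                  "projects/example-project/locations/us/keyRings/phi/cryptoKeys/bucket-key"}}
HARDENED_BUCKET_POLICY = {"bindings": [{"role": "roles/storage.objectViewer",
                                        "members": ["group:phi-readers@example.com"]}]}
HARDENED_SINKS = [{"name": "audit-to-bucket", "destination": EXPECTED_DESTINATION,
                   "filter": 'logName:"cloudaudit.googleapis.com"',
                   "writerIdentity": "serviceAccount:example-sink@example.iam.gserviceaccount.com"}]
HARDENED_LOG_POLICY = {"bindings": [{"role": "roles/storage.objectViewer",
                                     "members": ["group:security-auditors@example.com"]}]}

if __name__ == "__main__":
    for label, args in (("weak", (WEAK_BUCKET, WEAK_BUCKET_POLICY, WEAK_SINKS, WEAK_LOG_POLICY)),
                        ("hardened", (HARDENED_BUCKET, HARDENED_BUCKET_POLICY, HARDENED_SINKS, HARDENED_LOG_POLICY))):
        findings = review(*args, EXPECTED_DESTINATION)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The weak configuration produces nine findings (four on the bucket, two on its policy, one missing audit sink, two on the log bucket policy); the hardened one produces none. The checks are deliberately conservative: a missing KMS key is reported even though it is only a gap when your own requirements exceed the Security Rule, and the access-control check only flags public principals and basic roles, so a periodic human review of the full bindings is still needed.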