Through a partnership with Google, University of Minnesota students, faculty, and staff can access a suite of Google-powered communication and collaboration tools designed to enhance our ability to work together.
Apps available to the Academic Health Center
The suite of applications available under our Business Associate Agreement with Google include:
- Google Calendar,
- Google Drive, and
- Google Sites.
Google Groups is also available, however users will be subject to certain controls to ensure that no Protected Health Information is contained in Google Groups.
You will not have access to other University Google Apps. This includes:
- Google Hangout (includes Google Talk/Chat)
- Google Analytics
- YouTube (posting/editing content; you can still view videos)
Exceptions include the School of Public Health and the College of Veterinary Medicine who will have access to the full suite of Google applications.
Request an exception
If you are part of the University’s healthcare component (HCC) and believe you have a business need to access Youtube/Hangouts/Analytics (the “Additional Google Applications”), please review and complete the AHC Google Apps Exception Request Form. Please keep in mind that access to the Additional Google Applications will not be permitted in the event your need would result in transferring, creating, maintaining, storing or otherwise making accessible any Protected Health Information (“PHI”). Also, please keep in mind that an exception for Youtube is only needed for those who need to post or edit content on Youtube.
Once the AHC Google Apps Exception Request Form is completed, it will be reviewed by the Privacy Office and OIT. You may be contacted for additional information.
Protected Health Information and Google Apps
The University has a number of policies and procedures regarding the use and/or disclosure of PHI, including the Protection of Individual Health Information by University Health Care Components. Compliance with these policies and procedures is required whenever using and/or disclosing PHI, including when using any of the Google Apps.
Additionally, specific guidelines pertain to the following:
PHI should not be stored in Google Drive/Docs. The University recently launched a HIPAA compliant, cloud-based storage solution called Box Secure Storage. Box Secure Storage is intended for storing, sharing, and accessing sensitive or “Private-Highly Restricted” data. Even when storing sensitive data in Box Secure Storage, great care should be taken to ensure only authorized users can access the data.
In general, PHI should not be sent via Gmail. If email is the only option to share PHI with an organization or individual, HCC members should use the newly implemented Proofpoint Secure Email Center. Proofpoint is HIPAA compliant and allows HCC members to send encrypted emails to users outside the HCC. The receiver will be directed to retrieve the message from a secure, online portal. Additionally, both parties can respond securely to messages back and forth via the Proopoint portal.
In limited situations, it may be acceptable to send PHI via Gmail. For more information, read the guidelines for Email and Protected Health Information.