Hacker News

To state more clearly what you only implied, this is a potential HIPAA violation waiting to happen.



FWIW Google will sign BAAs with HIPAA-covered entities. Several of their services are popular in the industry, including Google Docs.

And really, most established players in tech have HIPAA-compliant offerings and go the BAA route. It's too lucrative a sector to pass up.


BAA is not an acronym I am familiar with and the internet assures me it is a sound a sheep makes. I would appreciate clarification.

Thanks.


Business Associate Agreement/Addendum.

Basically, when you are a covered entity -- someone who is directly required to comply with HIPAA because of what you do (for example, you're a doctor, or a pharmacy, or a health insurance company) -- any services or contractors/subcontractors you use that might end up handling protected health information as a result of what they do for you have to sign a BAA with you outlining what information they'll be receiving/handling and how they'll be handling it, along with any specific requirements you each have to fulfill as part of your relationship.

So, for example, if you are a company in the health care industry (so you're a HIPAA covered entity) and you want to use AWS for some things that involve protected health information, you need a BAA with Amazon (and Amazon will happily sign one and take your money).

Google will also sign a BAA with you to let you use their cloud services, Google Docs, etc. Microsoft will sign a BAA with you. Sentry will sign a BAA with you so you can use it for monitoring on your systems. It's extra work, but health care is a big enough market to be well worth the trouble for these companies.


Apparently BAA is Business Associate Agreement: https://healthitsecurity.com/features/what-is-a-hipaa-busine...


In the US, quite possibly. I'm surprised more hasn't been made of this before. Rules in the UK are fairly strict, although I'm unsure of how strictly enforced they are as mass-market online healthcare services are fairly few and far between since the vast majority of healthcare is provided by one provider: the state.



