Stay organized with collections
Save and categorize content based on your preferences.
HIPAA Compliance with
Looker Services
Last modified: September 15, 2022
Google supports Health Insurance Portability and
Accountability Act (HIPAA) compliance (within the
scope of a Business Associate Agreement) but
ultimately customers are responsible for evaluating
their own HIPAA compliance, including when using the
Looker Services.
Covered Services
The Business Associate Agreement (BAA) covers Looker’s
Services under a Looker Hosted Deployment as described in
the applicable Looker services agreement to which the BAA
is attached, except that the following (the "Excluded
Services") are not covered by the BAA:
- Any third party services (including those at the
following link https://looker.com/trust-center/privacy/google-cma-subprocessors
)
other than services provided by (i) a Google Affiliate
or (ii) a cloud based infrastructure provider included
in the Services.
- Any API Integration tool that is not secure
- Any Services that are not generally available,
including beta features and previews
Customer General Responsibilities
Given the functionality of the Services, you, as the
customer, are in control of (i) the environment where you
deploy the Services, (ii) the configuration of the
Services (including configuration of the access
permissions and security controls) in such a way that
complies with your BAA, this implementation guide and
HIPAA requirements, (iii) the applications that are
connected to the Services by your end users, and (iv) how
or if your users access Protected Health Information (PHI)
when using the Services. To the extent you elect to use
Excluded Services (as defined above), you must manage the
risk of using such services in compliance with your
obligations under HIPAA.
Your Security Responsibilities
Essential best practices:
- Execute a BAA. You can request a BAA directly from
your account manager.
- Disable or otherwise ensure that you do not use
services that are not covered by the BAA when working
with PHI.
- Turn off Excluded Services so that end users do not
use services not covered by the BAA.
Recommended Technical Best Practices When Configuring the
Services
-
Access Controls
- Use the “access filter” parameter in conjunction
with user attributes to apply row, column, or field
level data security by user or user group.
- Minimize data access for your users by limiting
administrator, developer, and SQL runner access
privileges.
- Ensure you have a process in place to prevent
sharing of PHI with Excluded Services and Google
personnel, including technical support teams via support access
or professional services teams during an engagement.
-
Sharing
- Set up any API usage between Google and your
vendor or any other third party in a secure
way.
- Do not share PHI via the Services with a
third-party unless a BAA is in place with the
third-party. Do not instruct Google to share PHI via
the Services (including an API) with a third-party
unless a BAA is in place with the third-party.
- Manage use of the Services such that PHI is not
shared via email by ensuring email recipients get
redirected to the Looker Instance where they must
log into the Services before accessing PHI or
related sensitive content.
- Have processes in place to ensure PHI is not
attached to or sent via any technical support chat
functionality
- Store cache query results for only the minimum
time necessary for the data set(s) and use case(s)
by configuring the Services accordingly.
- Restrict when users can create public links by
utilizing the administrator functionality of the
Services.
- Create and maintain logs when you permit a third
party to use aggregated PHI.
-
Secure Configuration
- Implement industry-standard methods of
authenticating users such as two-factor
authentication or SAML-supported SSO iDP, and to the
extent a user relies on SSO, restrict the
“login_special_email” permission to a maximum of two
(2) users.
- Apply data set security within the Looker model.
- At least quarterly, perform an audit on all users,
groups, permissions, roles, API keys, public links,
and additional access controls, sharing, and
security configuration.
Your Database Security Controls
- When granting the necessary authorization for the
Services to access your databases, you must follow the
principle of granting the least privilege to this
database and its information.
- When configuring database security controls, you
should:
- ensure that all connections to the database are
encrypted in transit, employ a tunnel server for any
SSH tunnel connection,
- allow list external access to permit only
Google-specific IP addresses, and
- configure your database rights such that Google
does not have write-access or administrative-access
to your databases.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Hipaa Compliance with Looker Services\n\n- [Back to Google Cloud Terms Directory](/product-terms)\n- \n- Current \n\nHIPAA Compliance with\nLooker Services\n=====================================\n\nLast modified: September 15, 2022\nThis is not the current version of this document and is provided for archival purposes. [View the current version](/terms/looker/security/hipaa) \n*Google supports Health Insurance Portability and\nAccountability Act (HIPAA) compliance (within the\nscope of a Business Associate Agreement) but\nultimately customers are responsible for evaluating\ntheir own HIPAA compliance, including when using the\nLooker Services.*\n\n#### Covered Services\n\nThe Business Associate Agreement (BAA) covers Looker's\nServices under a Looker Hosted Deployment as described in\nthe applicable Looker services agreement to which the BAA\nis attached, except that the following (the \"Excluded\nServices\") are not covered by the BAA:\n\n- Any third party services (including those at the following link \u003chttps://looker.com/trust-center/privacy/google-cma-subprocessors\u003e) other than services provided by (i) a Google Affiliate or (ii) a cloud based infrastructure provider included in the Services.\n- Any API Integration tool that is not secure\n- Any Services that are not generally available, including beta features and previews \n\n#### Customer General Responsibilities\n\nGiven the functionality of the Services, you, as the\ncustomer, are in control of (i) the environment where you\ndeploy the Services, (ii) the configuration of the\nServices (including configuration of the access\npermissions and security controls) in such a way that\ncomplies with your BAA, this implementation guide and\nHIPAA requirements, (iii) the applications that are\nconnected to the Services by your end users, and (iv) how\nor if your users access Protected Health Information (PHI)\nwhen using the Services. To the extent you elect to use\nExcluded Services (as defined above), you must manage the\nrisk of using such services in compliance with your\nobligations under HIPAA. \n\n#### Your Security Responsibilities\n\nEssential best practices:\n\n- Execute a BAA. You can request a BAA directly from your account manager.\n- Disable or otherwise ensure that you do not use services that are not covered by the BAA when working with PHI.\n- Turn off Excluded Services so that end users do not use services not covered by the BAA. \n\n#### Recommended Technical Best Practices When Configuring the\nServices\n\n- Access Controls\n\n - Use the \"access filter\" parameter in conjunction with user attributes to apply row, column, or field level data security by user or user group.\n - Minimize data access for your users by limiting administrator, developer, and SQL runner access privileges.\n - Ensure you have a process in place to prevent sharing of PHI with Excluded Services and Google personnel, including technical support teams via [support access](https://docs.looker.com/admin-options/settings/support-access) or professional services teams during an engagement.\n\n\u003c!-- --\u003e\n\n- Sharing\n\n - Set up any API usage between Google and your vendor or any other third party in a secure way.\n - Do not share PHI via the Services with a third-party unless a BAA is in place with the third-party. Do not instruct Google to share PHI via the Services (including an API) with a third-party unless a BAA is in place with the third-party.\n - Manage use of the Services such that PHI is not shared via email by ensuring email recipients get redirected to the Looker Instance where they must log into the Services before accessing PHI or related sensitive content.\n - Have processes in place to ensure PHI is not attached to or sent via any technical support chat functionality\n - Store cache query results for only the minimum time necessary for the data set(s) and use case(s) by configuring the Services accordingly.\n - Restrict when users can create public links by utilizing the administrator functionality of the Services.\n - Create and maintain logs when you permit a third party to use aggregated PHI.\n- Secure Configuration\n\n - Implement industry-standard methods of authenticating users such as two-factor authentication or SAML-supported SSO iDP, and to the extent a user relies on SSO, restrict the \"login_special_email\" permission to a maximum of two (2) users.\n - Apply data set security within the Looker model.\n- At least quarterly, perform an audit on all users, groups, permissions, roles, API keys, public links, and additional access controls, sharing, and security configuration. \n\n#### Your Database Security Controls\n\n- When granting the necessary authorization for the Services to access your databases, you must follow the principle of granting the least privilege to this database and its information.\n- When configuring database security controls, you should:\n - ensure that all connections to the database are encrypted in transit, employ a tunnel server for any SSH tunnel connection,\n - allow list external access to permit only Google-specific IP addresses, and\n - configure your database rights such that Google does not have write-access or administrative-access to your databases."]]
