I avoid Google products. Aside from YouTube and Waze I'm pretty much able to avoid their stuff because of how bad they are with privacy.
A healthcare provider now requires a family member to do telehealth using Chrome. Their system doesn't play well with Safari; indeed, we weren't even able to connect from their laptop (but could with mine - both running identical OS and Safari versions, etc.). Anyway...
As much info as Google collects, is there any credible indication that they don't collect data, including audio (transcriptions) or videos from HIPPA-defined electronic communications?
That's an interesting requirement and not one I've seen. Are they intentionally partnering with Google or are they using software that just happens to only work with Chrome?
Note that HIPAA does not protect all health information. It puts rules and controles and such around health care "providers" (and other "covered entities", etc) for using, disclosing, and protecting Protected Health Information (PHI). It places responsibility for privacy on the provider and its vendors (in the form of Business Associate Agreements [BAA] that the provider is required to have with vendors who will handle its PHI). Google as typically accessed is not subject to HIPAA and can use and disclose health information like any other information it collects. However, Google as contracted by a provider to handle PHI would then be subject:
Ensuring that our customers' data is safe, secure and always available to them is one of our top priorities. For customers who are subject to the requirements of the Health Insurance Portability an
support.google.com
However, a browser isn't "HIPAA" compliant. A browser can be unsuitable for use in an environment subject to HIPAA but there are no HIPAA compliant browsers because compliance is something that a provider achieves with regards to all their processes and technology*.
In this case I am suspicious this provider is meeting HIPAA requirements. Not that you can't workaround the default behavior of standard Chrome as others have mentioned but I would be surprised if a software vendor handling PHI created a service that only works with Chrome but is otherwise compliant with HIPAA. Similiarly, I am suspicious of a provider that contracts with such a vendor. All could be kosher here but it would prompt me to look into this provider and their vendor to see if they have any idea what they doing.
Last, note the some states impose greater privacy protection requirements than the federal standards and providers dealing with substance abuse are subject to even greater protection. I only bring these up in that I would run as far away as possible from any substance abuse provider who doesn't understand their responsibilities under the (even stricter) laws related to substance abuse (the data portion of which is known as "42 CFR Part 2"...). Maybe they are great at what they do but in my experience where there's smoke there's fire.
*FYI there is also no official HIPAA certification for providers either -- a provider can decide they meet their requirements under HIPAA and be done with it but there is no requirement for an external organization to certify (putting aside hospitals and the like that will have to show some effort to be compliant as part of more general accreditation or licensing processes). They can undergo audit by an external organization but that is purely up to them. The enforcement mechanism is that failing to meet their responsbilities under HIPAA could subject them to regulatory and/or legal actions.
