The Google Cloud Platform (GCP) is the preferred cloud platform for the Stanford School of Medicine.
Stanford University has a Business Associates Agreement with Google for the Google Cloud Platform (GCP). This means that Google legally accepts responsibility for the security of Stanford information (including HIPAA-protected information) while in the company's care. This BAA enables hosting of even those services with High Risk data on the Google Cloud Platform.
Right now, there are several pilot projects underway as we explore GCP capabilities and determine best practices and how to meet Stanford’s minimum security standards in the cloud. The GCP is an important platform that will be used more and more as time goes on, and we are currently developing recommendations and guidance to ensure that our use of it and migrations to it are done in a consistent and secure manner.
One of our current requirements is that the use of PHI with the GCP can ONLY happen in partnership with TDS, and only within a specific subset of GCP tools. Any users working with this kind of High Risk data MUST consult with TDS before attempting to make use of these cloud services. This includes researchers who wish to use GCP to handle clinical data that is identified.
To get involved:
- Request to be part of the conversation as a single-channel guest into the TDS Slack instance in the #googlecloudplatform channel - via a ticket at tdshelp.stanford.edu.
- Request a consultation with TDS Data Center:
Put in a ticket at tdshelp.stanford.edu, select "Data Center Issue," and ask for help with the Google Cloud Platform.
- For testing and use with public data: TDS Data Center will follow up with further instructions on how to activate your account and request a project to own.
- For use with High Risk data: TDS Data Center can manage a configuration on your behalf at this time.