HIPAA Compliance & Google Workspace
Security is one of the hallmark features of Google Workspace. With unique controls and protections included in paid business plans, health providers can feel safe using Google Workspace as a low cost and highly secure practice management tool.
Health providers using Google Workspace to handle Protected Health Information (PHI) can ensure HIPAA compliance by signing a Business Associate Agreement or Addendum (BAA) with Google.
The BAA can be accessed via the following pathway:
Admin console > Account Settings > Legal & Compliance
Video Walkthrough
This video overviews the process to sign Business Associate Agreement (BAA) with Google Workspace in order to ensure HIPAA compliance with your paid Google Workspace account.
The BAA can be found in the Admin console under Account Settings β Legal & Compliance.
Note that this walkthrough video was made in 2020, so the exact appearance of the Admin console are different than the current version of Google Workspace.
Please consult an attorney with any specific questions about HIPAA compliance and your health practice.
For the latest information and updates about Google Workspace & HIPAA Compliance β check out this Google Help Center resource.
Additional Notes
The BAA is accessible only with paid Google Workspace plans
Only a portion of Googleβs Core Services are covered in the BAA
As of June 2020, these include Gmail*, Calendar, Drive (Docs, Sheets, Slides, and Forms), Tasks, Keep, Sites, Jamboard, Meet, Google Groups, and more.
* - HIPAA compliance with Gmail may require end-to-end encryption using a third party application when emailing outside of your direct organization.