Is Google Apps HIPAA Compliant?

It is possible to build HIPAA compliant file repositories in Google Drive, but Google Apps is not HIPAA compliant by default. If you wish to store Protected Health Information (PHI) in Google Apps, your organization must first sign a Business Associate Agreement (BAA) with Google; a Google Apps administrator reviews and accepts the BAA from the Admin console before any PHI is handled in the service. The Google BAA covers Gmail, Calendar, Drive (including Docs, Sheets, Slides and Forms), Google Sites and Google Vault. Services outside that list are not covered by the BAA and should not be used with PHI. Signing the BAA is necessary but not sufficient: the covered entity remains responsible for configuring and using the covered services as described in Google's HIPAA implementation guide.

Every organization must determine whether it is subject to HIPAA requirements and whether it will use Google services in connection with PHI. For more information, we recommend reviewing the following materials.

US Government HIPAA Compliance:

  • http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html

Google Apps HIPAA Implementation Guide:

  • https://static.googleusercontent.com/media/www.google.com/en/us/work/apps/terms/2015/1/hipaa_implementation_guide.pdf

For Admins - Reviewing & accepting the Google BAA:

  • https://support.google.com/a/answer/3407074