If your organization is a HIPAA-covered entity, and you intend to use a cloud platform in connection with PHI, you may be asking if Google Workspace is HIPAA-compliant.
The question of HIPAA compliance does not have a black-or-white answer. There are several steps that need to be taken by qualified members of your organization.
According to the U.S. Department of Health & Human Services, “the HIPAA Rules generally require that covered entities and business associates enter into contracts with their business associates to ensure that the business associates will appropriately safeguard protected health information.”
Accepting the HIPAA Business Associate Amendment
Google provides instructions on accepting the HIPAA Business Associate Amendment in the Google Workspace Admin console.
If your organization has signed up for Google Workspace, you can follow the process for accepting the amendment in the Admin console.
In the left sidebar, select Account > Account settings > Legal and compliance. Scroll down to the Security and Privacy Additional Terms section.
Then, click on the link, “Google Workspace/Cloud Identity HIPAA Business Associate Amendment.”
If you are ready, click Review and Accept and answer all three questions to confirm that you are a HIPAA-covered entity.
Using Google Services with PHI
Google has published an extensive guide on using Google services with PHI (Protected Health Information).
If you are responsible for HIPAA implementation and compliance in your organization, that guide details the administrative settings related to HIPAA compliance.