Google Workspace is known for its strong security standards. Data security has always been at the forefront of Google, impacting Gmail, Drive, Chat, Calendar, and much more. However, some organizations are subject to specific regulations which call for additional data protection standards, such as HIPAA.
As a Google Cloud Premier Partner, we at HiView help customers get the very most out of Google Workspace (formerly G Suite) while complying with industry-specific regulations. We have helped health centers, orthodontists, telehealth providers, and more see their full potential with the move to Google. In this article, learn how to get started with HIPAA compliance for Google Workspace.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal statute established in 1996. It seeks to protect patient privacy and safety while allowing healthcare providers and other organizations to maintain efficiency in operations.
What companies must comply with HIPAA?
The following covered entities must comply with HIPAA standards in the United States:
- Healthcare providers (e.g. hospitals, private practices, therapists)
- Health plans (e.g. health insurance companies, government- or church-sponsored healthcare plans)
- Healthcare clearinghouses (non-healthcare entities that process PHI)
- Business associates (a person or organization using or disclosing PHI to complete a service or task)
Violations of HIPAA can result in sanctions, significant fines, or imprisonment. For more information about HIPAA, see this article from the CDC.
Is Google Workspace (G Suite) HIPAA compliant?
Tools such as Google Workspace and Microsoft 365 are not HIPAA compliant; rather, organizations are HIPAA compliant (or noncompliant). By taking certain steps, you can make your business’s Google environment HIPAA compliant. Read the instructions below to start meeting HIPAA requirements while using Google services such as Google Drive, Gmail, and more.
How to make your Google environment HIPAA compliant
Now, let’s walk through how to configure HIPAA compliance for Google Workspace (G Suite).
1. Sign a Business Associate Agreement (BAA) with Google
Once you have created your Google Workspace account, the first step to making your account HIPAA compliant is signing a Business Associate Agreement (BAA) with Google. This BAA binds Google to complying with HIPAA regulations in its handling of your organization’s data.
- To do this, open the Admin console and click Account Settings. Within the section titled Legal and compliance, click the dropdown menu on the right.
- Scroll to the bottom of the screen that opens, and under Security and Privacy Additional Terms, find Google Workspace/Cloud Identity HIPAA Business Associate Amendment.
- Click Not accepted > Review and accept.
- Read through the agreement and once complete, click I Accept.
Now you’ve completed the important first step to making your organization’s Google environment HIPAA compliant! However, this is not the only action you need to take in order to establish and maintain Google HIPAA compliance. Read on to learn what to do after you have signed a BAA with Google.
2. Follow the HIPAA Implementation Guide
The next step is to review and follow Google’s G Suite and Cloud Identity HIPAA Implementation Guide. If you are on Google Workspace rather than G Suite, don’t worry—this guide will still work for you.
Organized by application (e.g. Gmail, Drive, Sites, and Contacts), this guide contains step-by-step instructions to implement HIPAA compliance. It includes a variety of watchpoints to help your team remain compliant.
Contact us to request the HIPAA Implementation Guide.
Need assistance?
Our Google-certified Workspace experts are ready to help you create and maintain a thriving, secure collaboration environment on Google Workspace.
By simply transferring your Google Workspace license billing to HiView, you’ll gain access to on-demand professional support services at no cost to you. Contact us about your needs and we’ll be in touch promptly!
Further reading:
>> End-to-End Encryption for Google Workspace
