HIPAA Compliance with Google Workspace and Cloud Identity

Ensuring that our customers’ data is safe, secure and always available to them is one of our top priorities. For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), Google Workspace and Cloud Identity can support HIPAA compliance.

Under HIPAA, certain information about a person’s health or health care services is classified as Protected Health Information (PHI). Google Workspace and Cloud Identity customers who are subject to HIPAA and wish to use Google Workspace or Cloud Identity with PHI must sign a Business Associate Agreement (BAA) with Google.

Google Workspace and Cloud Identity customers are responsible for determining whether they are subject to HIPAA requirements and whether they use or intend to use Google services in connection with PHI. Customers who have not signed a BAA with Google must not use Google services in connection with PHI.

Administrators must review and accept a BAA before using Google services with PHI. See what Google Workspace products can be used for HIPAA compliance in the HIPAA Included Functionality.

We have published our Google Workspace and Cloud Identity HIPAA Implementation Guide to help customers understand how to organize data on Google services when handling PHI. This guide is intended for employees in organizations who are responsible for HIPAA implementation and compliance with Google Workspace and Cloud Identity.

For more information please visit Google Workspace Guide