We often get asked by customers and prospects about Google Docs and their ability to use it in a HIPAA compliant manner. We know the HIPAA market is vast so we can empathize with just how many people need to use cloud-based storage services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Citrix ShareFile
- Google Calendar
- Google Drive
- Google Forms
- Google Hangouts
- Microsoft 365
The purpose of this post is to determine if Google Docs offers HIPAA compliance or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
About Google Docs
Google Docs is a web-based word processor offered by Google within its Google Drive service. It was first released in 2007.
Google Docs and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance. We checked Google's site and found a Google Workspace Administrator Help article called HIPAA Compliance with Google Workspace. In the article, Google points out: "Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms)..."
Does Google Docs Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate. Since Google offers one that covers Google Docs, we conclude that Google Docs is a HIPAA compliant service. It's important to note however, you must sign a BAA with Google to be HIPAA compliant.
G Suite email isn't HIPAA compliant out of the box.
Conclusion: Google Docs is HIPAA Compliant. Make sure you sign a BAA with Google.
SEE ALSO: Is Google Drive HIPAA Compliant?