Can I use Google Voice and be HIPAA Compliant?

by Hoala Greevy Founder CEO of Paubox

We often get asked by customers and prospects about Google Voice and their ability to use it in a HIPAA compliant manner.

We know the HIPAA market is vast so we can empathize with just how many people need to use cloud-based storage services in this sector.

In previous posts, we’ve covered the following cloud solautions and their capabilities for HIPAA compliance:

• Amazon CloudFront
• Apple iCloud
• Box
• Citrix ShareFile
• Dropbox
• FaceTime
• Google Calendar
• Google Docs
• Google Drive
• Google Forms
• Google Hangouts
• Google Sheets
• GoToMeeting
• Intercom
• Office 365
• OneDrive
• SharePoint
• Slack
• WhatsApp
• Yammer
• Zoho
• Zoom

The purpose of this post is to determine if Google Voice offers HIPAA compliance or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Google Voice

Google Voice is a telephone service that provides call forwarding, voicemail, voice and text messaging.

The service was launched in 2009, after Google acquired the service GrandCentral. Google Voice should not to be confused with Google Talk or Google Voice Search.

Google Voice and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Google’s site and found a G Suite Administrator Help article called HIPAA Compliance with G Suite.

In the article, Google points out:

“Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms), Google Hangouts (chat messaging feature only), Hangouts Meet, Google Keep, Google Cloud Search, Google Sites, Jamboard, and Google Vault services.”

The G Suite Administrator Help article however, does not mention Google Voice as being covered under their BAA. In fact, Google Voice is not considered a part of G Suite.

We then checked a Google Implementation Guide called HIPAA Compliance & Data Protection with Google Apps. We could not find a mention of Google Voice in that guide either. Google Voice is not considered a part of Google Apps either.

Next, we checked the Google Cloud Platform and found a guide called HIPAA Compliance on Google Cloud Platform. There was no mention of Google Voice being covered under the Google Cloud BAA either. Google Voice is not a part of Google Cloud.

SEE ALSO: Is Google Cloud HIPAA Compliant?

Does Google Voice Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

We determined that:

• Google Voice is not a part of G Suite.
• Google Voice is not a part of Google Apps either.
• Google Voice is also not part of Google Cloud.

G Suite, Google Apps, and Google Cloud are the Google platforms that offer BAAs. Since Google Voice is not a part of any of them, we conclude that Google Voice is not a service that’s covered by Google for HIPAA Compliance.

Conclusion: Google Voice is not HIPAA Compliant.

Do not use Google Voice if you are bound by HIPAA regulations.