Paubox

HITRUST CSF Certified HIPAA Compliant Email Solutions

Home » HIPAA Compliance » Can I use Google Voice and be HIPAA Compliant?

Can I use Google Voice and be HIPAA Compliant?

by

Can I use Google Voice and be HIPAA Compliant? - Paubox

We often get asked by customers and prospects about Google Voice and their ability to use it in a HIPAA compliant manner.

We know the HIPAA market is vast so we can empathize with just how many people need to use cloud-based storage services in this sector.

In previous posts, we’ve covered the following cloud solautions and their capabilities for HIPAA compliance:

The purpose of this post is to determine if Google Voice offers HIPAA compliance or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Google Voice

Google Voice is a telephone service that provides call forwarding, voicemail, voice and text messaging.

The service was launched in 2009, after Google acquired the service GrandCentral. Google Voice should not to be confused with Google Talk or Google Voice Search.

Google Voice and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Google’s site and found a G Suite Administrator Help article called HIPAA Compliance with G Suite.

In the article, Google points out:

“Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms), Google Hangouts (chat messaging feature only), Hangouts Meet, Google Keep, Google Cloud Search, Google Sites, Jamboard, and Google Vault services.”

The G Suite Administrator Help article however, does not mention Google Voice as being covered under their BAA. In fact, Google Voice is not considered a part of G Suite.

We then checked a Google Implementation Guide called HIPAA Compliance & Data Protection with Google Apps. We could not find a mention of Google Voice in that guide either. Google Voice is not considered a part of Google Apps either.

Next, we checked the Google Cloud Platform and found a guide called HIPAA Compliance on Google Cloud Platform. There was no mention of Google Voice being covered under the Google Cloud BAA either. Google Voice is not a part of Google Cloud.

SEE ALSO: Is Google Cloud HIPAA Compliant?

Does Google Voice Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

We determined that:

  • Google Voice is not a part of G Suite.
  • Google Voice is not a part of Google Apps either.
  • Google Voice is also not part of Google Cloud.

G Suite, Google Apps, and Google Cloud are the Google platforms that offer BAAs. Since Google Voice is not a part of any of them, we conclude that Google Voice is not a service that’s covered by Google for HIPAA Compliance.

G Suite email isn’t HIPAA compliant out of the box.
Download the Quick Guide to HIPAA Compliant Email for free.

Conclusion: Google Voice is not HIPAA Compliant.

Do not use Google Voice if you are bound by HIPAA regulations.

One email. Once a week.
I agree to have my personal information transfered to MailChimp ( more information )
The Digital Health Weekly from Paubox contains all the digital health fun you can stand from interviews, security tips, to a guy in a bunny costume.
We love spam musubi, but hate SPAM. Your email address will not be sold or shared with anyone else. See our privacy policy for more info.

Related Posts: