by Hoala Greevy Founder CEO of Paubox

G Suite with BAA vs Paubox


  • The G Suite Business Associate Agreement (BAA) does not actually cover email sent and received in transit.
  • G Suite needs an additional service like Paubox to be completely secure for HIPAA Compliant Email.
  • Paubox can integrate with G Suite in under 30 minutes.

This week we received a useful inbound inquiry from a Health System in Columbia, Missouri.

In a nutshell, they inquired whether the Business Associate Agreement they have with Google and their G Suite (formerly called Google Apps) implementation was sufficient for HIPAA compliant email.

Since we get this question a lot, we thought it would be great content for a blog post.

Health Insurance Portability and Accountability Act

As a recap, HIPAA stands for Health Insurance Portability and Accountability Act. You can learn more about it here.

Here’s the Powerful Question they sent

Here’s what they sent:


Dear Paubox,

I already have paid Gmail (precisely G Suite) and Google signed a BAA with us. But I’m finding your product very attractive.

Is there anything Paubox brings beyond what I described above?

Thank you and have a great day!


We felt the answer to this would be helpful for others looking to learn more about Paubox and how it complements G Suite.

The objective of this post is to clarify how Paubox integrates and adds value to G Suite.

SEE ALSO: Is Gmail HIPAA Compliant

The Google Business Associate Agreement (BAA) for G Suite

As we’ve previously covered, the Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. HIPAA compliance requires a BAA by law to ensure security and privacy.

We checked Google’s site and found a G Suite Administrator Help article called HIPAA Compliance with G Suite.

In the article, Google points out:

“Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms), Google Hangouts (chat messaging feature only), Hangouts Meet, Google Keep, Google Cloud Search, Google Sites, Jamboard, and Google Vault services.”

READ MORE: Can I use G Suite (Google Apps) and be HIPAA Compliant?

However, it’s important to note that:

  • You must sign a BAA with Google. It is not included by default.
  • Google’s BAA does not cover email sent or received in transit.

How Paubox Adds Value to G Suite

Unlike G Suite, Paubox sends encrypted emails to any recipient, regardless of whether their email provider supports encryption.

This is because Paubox sends encrypted emails by default.

Every other email encryption provider requires email senders to be experts in identifying what qualifies as Protected Health Information and manually encrypt each individual email and attachment. However, this method leaves your organization vulnerable to HIPAA violations due to human error.

Humans aren’t perfect, and if people are overwhelmed with their workload already, it is unrealistic to expect them to encrypt specific emails every time. This often results in emails containing PHI being sent without encryption, which qualifies as a data breach and a HIPAA violation.

RELATED: How to Encrypt Your Gmail Email (With Pictures)

With Paubox, we offer an easier and more secure way to send encrypted emails. And the best part? Our integration with G Suite is so seamless, you won’t notice any change in your email behavior.

Paubox eliminates the need to press any extra buttons or write “secure” in the subject line when sending encrypted emails. Simply compose an email as you normally would, and Paubox takes care of the rest.

By encrypting everything you send out by default, Paubox can ensure HIPAA compliance for your organization while keeping it extremely user friendly for your recipients to view and reply to your encrypted emails.

Get Started with Paubox for G Suite

While G Suite offers a number of useful applications such as Google Calendar and Google Drive, Paubox provides military grade encryption features without the hassle of extra steps.

Paubox also includes security features such as robust spam filtering that identifies malware and phishing attacks and has protocols against ransomware.

Experience how easy email encryption can be with a free no-risk 14-day trial.

Try Paubox for FREE and make your email HIPAA compliant today.

What about Pretty Good Privacy (PGP)?

PGP, or Pretty Good Privacy, is a well-known cryptography tool for email. It’s nearly 20 years old, yet hardly anyone uses it. Why? Because the user experience with PGP is painful.

Putting the Customer Experience first is one of the core engineering principles behind Paubox.

SEE RELATED: What does seamless encryption mean? Hint: It’s not PGP
