We often get asked by customers and prospects about Google Calendar and their ability to use it in a HIPAA compliant manner. We know the HIPAA market is vast so we can empathize with just how many people need to use cloud-based storage services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Constant Contact
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Hangouts Chat
- Google Slides
- Google Voice
- Microsoft Teams
- Microsoft 365
- Return Path
- Uber Health
The purpose of this post is to determine if Google Calendar offers HIPAA compliance or not.
SEE ALSO: How to Encrypt Gmail
About Google Calendar
Google Calendar is a time-management and scheduling calendar service developed by Google. It was first released in 2006.
Google Calendar and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance. We checked Google's site and found a Google Workspace Administrator Help article called HIPAA Compliance with Google Workspace. In the article, Google points out: "Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms)..."
Does Google Calendar Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate. Since Google offers one that covers Google Calendar, we conclude that Google Calendar is a HIPAA compliant service. It's important to note however, you must sign a BAA with Google to be HIPAA compliant.
G Suite email isn't HIPAA compliant out of the box.
Conclusion: Google Calendar is HIPAA Compliant. Make sure you sign a BAA with Google.
SEE ALSO: HIPAA Compliant Calendar Invitations