Customers and prospects often ask about Google Forms and its ability to be used a HIPAA compliant manner. We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
The purpose of this post is to determine if Google Forms offers HIPAA compliance or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
About Google FormsGoogle Forms can be used to manage event registrations, create a quick opinion poll, and more.
Google and the business associate agreement
We’ve previously talked about how a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance. We checked Google's site and found a Google Workspace Administrator help article called HIPAA Compliance with Google Workspace. In the article, Google points out: "Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms)..."
Does Google Forms offer HIPAA compliant service?
The BAA is a key component to HIPAA compliance between a covered entity and a business associate. Since Google offers a BAA that covers Google Forms, we conclude that Google Forms is HIPAA compliant. It's important to note however, that Google Forms is not HIPAA compliant if you do not sign a BAA with Google.
Google Workspace email isn't HIPAA compliant out of the box.
Conclusion: Google Forms is HIPAA Compliant. Make sure you sign a BAA with Google.