Is Google Meet HIPAA compliant? (2026 update)

Google Meet is Google’s video conferencing platform for online meetings, calls, screen sharing, captions, recordings, transcripts, and collaboration across Google Workspace. With Google Meet, healthcare teams can host virtual meetings, invite participants, and use Workspace-based controls for business communication.

Is Google Meet HIPAA compliant? Yes, Google Meet is HIPAA compliant.

What changed this year?

As of May 2026, our review did not identify any publicly disclosed 2026 change removing Google Meet from Google’s HIPAA-related coverage or changing its business associate agreement (BAA) status. Google’s HIPAA page was last updated on May 11, 2026, and Google’s HIPAA Included Functionality list still identifies Google Meet as included under the applicable Google Workspace HIPAA Business Associate Addendum.

Will Google Meet sign a BAA?

Yes, Google will sign a BAA for eligible Google Workspace and Cloud Identity customers, which can be reviewed in Google’s HIPAA Business Associate Addendum. Google says customers with HIPAA compliance needs must enter into a BAA before using covered Google services with protected health information (PHI).

What does the Google Meet BAA cover?

The Google BAA covers PHI in Customer Data that Google accesses through Covered Services, and Google Meet is listed as HIPAA Included Functionality. Google’s BAA states that covered use must include safeguards against “unauthorized use or disclosure of PHI.”

Their BAA covers:

• Protection of PHI in covered Google services
• Permitted uses and disclosures of PHI
• Security incident and breach notification obligations
• Subcontractor protections
• Individual access and amendment support
• Accounting of disclosures
• Access by the U.S. Department of Health and Human Services
• Return or destruction of PHI when the services agreement ends, where feasible
  
  

What does the Google Meet BAA exclude?

Google’s BAA does not make every Google product or every Google Meet-related workflow HIPAA compliant. It applies only when the customer is using a Covered Service, such as Google Meet, under the BAA. The BAA excludes any Google product, service, or feature that is “not a Covered Service,” and it also excludes PHI created, received, maintained, or transmitted outside the Covered Services, including through offline tools, on-premise storage, or third-party applications.

Google also says third-party applications, including add-ons, are not included in the functionality covered by the BAA. Customers remain responsible for deciding whether HIPAA applies, accepting the BAA, limiting PHI to covered services, and configuring Google Workspace controls properly.

Conclusion

Google Meet may be HIPAA compliant, but only when used as part of a properly configured Google Workspace or Cloud Identity environment with Google’s BAA in place. A personal or non-BAA Google Meet setup should not be used to create, receive, maintain, or transmit PHI.

See also: HIPAA Compliant Email: The Definitive Guide.

FAQS

What is a business associate agreement?

A BAA is a legally binding contract establishing a relationship between a covered entity under HIPAA and its business associates. The agreement helps ensure the proper protection of PH). HHS explains that covered entities must obtain written assurances that a business associate will appropriately safeguard PHI.

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information. The HHS Office for Civil Rights explains that the HIPAA Privacy Rule protects individuals’ medical records and other individually identifiable health information.

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates that perform certain functions or activities for covered entities involving PHI.