2 min read

Is the Google Workspace (G Suite) API HIPAA compliant?

Ryan Ozawa December 15, 2020

HIPAA compliance
Colorful gears and cogs surrounding a large 'G' letter
Colorful gears surrounding a large gear to represent interconnected systems and integration When it comes to providing cloud software for businesses, Google's suite of applications is massively popular. Earlier this year, Google Marketplace—which encompasses Gmail, Google Docs, Google Sheets, and other productivity tools — surpassed 2 billion monthly active users, put it in a solid second place behind business software behemoth Microsoft. SEE ALSO: Google & HIPAA Compliance: The Ultimate Guide While most people are familiar with the browser-based versions of Google tools, however, Google also offers deeper integration of its servers through the Google Workspace API, also known as the G Suite API. UPDATE: In April 2020, in connection with the COVID-19 pandemic, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced the  Notification of Enforcement Discretion, which allows healthcare providers to use widely available communication apps, such as [name of the app], for telehealth services without the risk of incurring HIPAA fines. For more information, check out  this recent Paubox blog post.

What is the Google Workspace API?

An API is an Application Programming Interface, and it provides software developers with the ability to connect Google's software directly to their own. This allows for the consolidation of services through a single interface, rather than requiring users to log into different websites to use different tools. The Google Workspace API supports Gmail, Google Docs, Google Drive, Google Calendar, and Google Sheets, Slides, and Tasks. Much of Google's own software, provided to and accessed directly by healthcare professionals, can be HIPAA compliant. But what about external programs that use the API?

 

Is the Google Workspace API HIPAA compliant?

For healthcare facilities and companies with their own software development teams, the Google Workspace API is a compelling option. The fewer systems that employees need to access, the fewer security endpoints there are to be exposed and exploited. Given the information that hospitals, clinics, and healthcare workers handle on a day-to-day basis, HIPAA compliance is a must to ensure data and systems are kept as secure as possible. The closest record we could find suggesting the Google API is compliant is a Digital Marketplace entry provided by the UK government, which simply says "Yes" for the Google Workspace API, its documentation, and its test environments. Unfortunately, Google itself does not expressly describe the G Suite API, or Google Workspace API, as HIPAA compliant in its documentation. Indeed, Google has a simple page to summarize HIPAA Included Functionality for its services, As of July 21, 2020, it lists "Gmail, Calendar, Drive (including Docs, Sheets, Slides, and Forms), Apps Script, Keep, Sites, Jamboard, Hangouts (chat messaging feature only), Google Chat, Google Meet, Google Voice (managed users only), Google Cloud Search, Cloud Identity Management, Google Groups, Google Tasks and Vault." The G Suite API, or Google Workspace API, is not mentioned.

 

Conclusion

Because Google does not expressly list its API among the HIPAA compliant functions it provides, it is prudent to assume that the Google Workspace API is not HIPAA compliant. Software developers looking for an API to plug into HIPAA compliant email systems built specifically for covered entities should instead consider the Paubox Email API, which has already been implemented by many healthcare businesses. SEE ALSO: Why Healthcare Businesses Choose the Paubox Email API The  Paubox Email API allows healthcare applications to send transactional emails at scale. The HITRUST CSF certified product allows patients to receive encrypted emails directly to their inboxes—no passwords or portals required.  It's also easy to implement with clear documentation for software developers.
 
Try the Paubox Email API for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Image of a computer with a lock emoticon.

How to follow the HHS OIG compliance program guidance

Picture of Kirsten Peremore Kirsten Peremore : August 6, 2025

The Health and Human Services (HHS) Office of Inspector General’s (OIGs) Compliance Program Guidance (CPG), developed and issued over several...

HIPAA compliance
Read More
department of health and human services seal logo

The HHS Good Guidance Rule

Picture of Kirsten Peremore Kirsten Peremore : May 3, 2024

The HHS Good Guidance Rule guides the release of documents from the departments.

HIPAA compliance
Read More
Paubox blog post title card with blue background

Why Google Workspace and Microsoft 365 aren't enough for complete HIPAA compliance

Picture of Dean Levitt Dean Levitt : April 11, 2023

Healthcare organizations often turn to Google Workspace and Microsoft 365 as solutions for secure email communication. While these platforms offer...

HIPAA compliant email HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.