Is Google Drive HIPAA compliant?

Featured image

Share this article

Is Google Drive HIPAA Compliant? - Paubox

We often get asked by customers and prospects about Google Drive and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based storage services in this sector.

UPDATE: In April 2020, in connection with the COVID-19 pandemic, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced the Notification of Enforcement Discretion, which allows healthcare providers to use widely available communication apps, such as [name of the app], for telehealth services without the risk of incurring HIPAA fines. For more information, check out this recent Paubox blog post.

SEE ALSO: Google & HIPAA Compliance: The Ultimate Guide

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

The purpose of this post is to determine if Google Drive offers HIPAA compliance or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Google Drive

Google Drive is a file storage and synchronization service that launched in 2012.

Users can use Google Drive to upload, sync and share files in the cloud. It also encompasses Google Docs, Sheets and Slides.

Files created and edited through its office suite are saved in Google Drive.

Google Drive and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Google’s site and found a Google Workspace Administrator Help article called HIPAA Compliance with Google Workspace.

In the article, Google points out:

“Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms)…”

Does Google Drive Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate. Since Google offers one that covers Google Drive, we conclude that Google Drive is a HIPAA compliant service.

It’s important to note however, you must sign a BAA with Google to be HIPAA compliant.

[alert-note]

G Suite email isn’t HIPAA compliant out of the box.
Download the Quick Guide to HIPAA Compliant Email for free.

[/alert-note]

Conclusion: Google Drive is HIPAA Compliant. Make sure you sign a BAA with Google.

SEE ALSO: HIPAA Breaches and Cloud Providers

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022