Is the Google Workspace (G Suite) API HIPAA compliant?

Featured image

Share this article

Is the Google Workspace (G Suite) API HIPAA Compliant? - Paubox

When it comes to providing cloud software for businesses, Google’s suite of applications is massively popular. Earlier this year, Google Marketplace—which encompasses Gmail, Google Docs, Google Sheets, and other productivity tools — surpassed 2 billion monthly active users, put it in a solid second place behind business software behemoth Microsoft.

SEE ALSO: Google & HIPAA Compliance: The Ultimate Guide

While most people are familiar with the browser-based versions of Google tools, however, Google also offers deeper integration of its servers through the Google Workspace API, also known as the G Suite API.

UPDATE: In April 2020, in connection with the COVID-19 pandemic, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced the Notification of Enforcement Discretion, which allows healthcare providers to use widely available communication apps, such as [name of the app], for telehealth services without the risk of incurring HIPAA fines. For more information, check out this recent Paubox blog post.

What is the Google Workspace API?

An API is an Application Programming Interface, and it provides software developers with the ability to connect Google’s software directly to their own. This allows for the consolidation of services through a single interface, rather than requiring users to log into different websites to use different tools.

The Google Workspace API supports Gmail, Google Docs, Google Drive, Google Calendar, and Google Sheets, Slides, and Tasks.

Much of Google’s own software, provided to and accessed directly by healthcare professionals, can be HIPAA compliant. But what about external programs that use the API?

Is the Google Workspace API HIPAA compliant?

For healthcare facilities and companies with their own software development teams, the Google Workspace API is a compelling option. The fewer systems that employees need to access, the fewer security endpoints there are to be exposed and exploited.

Given the information that hospitals, clinics, and healthcare workers handle on a day-to-day basis, HIPAA compliance is a must to ensure data and systems are kept as secure as possible.

The closest record we could find suggesting the Google API is compliant is a Digital Marketplace entry provided by the UK government, which simply says “Yes” for the Google Workspace API, its documentation, and its test environments.

Unfortunately, Google itself does not expressly describe the G Suite API, or Google Workspace API, as HIPAA compliant in its documentation.

Indeed, Google has a simple page to summarize HIPAA Included Functionality for its services, As of July 21, 2020, it lists “Gmail, Calendar, Drive (including Docs, Sheets, Slides, and Forms), Apps Script, Keep, Sites, Jamboard, Hangouts (chat messaging feature only), Google Chat, Google Meet, Google Voice (managed users only), Google Cloud Search, Cloud Identity Management, Google Groups, Google Tasks and Vault.”

The G Suite API, or Google Workspace API, is not mentioned.

Conclusion

Because Google does not expressly list its API among the HIPAA compliant functions it provides, it is prudent to assume that the Google Workspace API is not HIPAA compliant.

Software developers looking for an API to plug into HIPAA compliant email systems built specifically for covered entities should instead consider the Paubox Email API, which has already been implemented by many healthcare businesses.

SEE ALSO: Why Healthcare Businesses Choose the Paubox Email API

The Paubox Email API allows healthcare applications to send transactional emails at scale. The HITRUST CSF certified product allows patients to receive encrypted emails directly to their inboxes—no passwords or portals required.  It’s also easy to implement with clear documentation for software developers.

Try the Paubox Email API for FREE today.
Author Photo

About the author

Ryan Ozawa

Read more by Ryan Ozawa

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022