Google Apps is HIPAA Compliant!


On September 27, 2013, Google quietly announced that it was allowing Google Apps users to sign a Business Associate Agreement (BAA), which means Google Apps now supports HIPAA compliance!

The announcement came with a huge sigh of relief for thousands of health care professionals who use Google Apps as their primary email service to communicate with patients.

Google’s official statement read:

“Ensuring that our customers’ data is safe, secure and always available to them is one of our top priorities. To demonstrate our compliance with security standards in the industry, Google has sought and received security certifications such as FISMAISO 27001, and SSAE 16. For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), Google Apps can also support HIPAA compliance.”

Is Google Apps the same as Gmail?

No. If you use Gmail to communicate with patients, unfortunately you can’t request a BAA from Google. Gmail is for personal use, and therefore a BAA is only available through Google Apps. For those who don’t know, Google Apps is for businesses and allows you to have a Gmail account under your own domain name (@your-domain.com instead of @gmail.com).

What about Google Apps Free Edition?

Unfortunately the BAA is only available for Google Apps for Business, Education, and Government domains and is not available for Google Apps Free Edition (also known as Standard Edition). This is disappointing since most small organizations use the free edition. As of December 6, 2012, Google stopped allowing new accounts for the free edition of Google Apps, so companies who signed up after that already have the Business Edition (at $5/user/month) and can request a BAA.

How can I get started?

I have Google Apps Free Edition
To request a BAA, you will first have to upgrade to Google Apps for Business.

I have Google Apps for Business
You’re all set. Simply request a BAA from Google.

I don’t have a Google Apps account
If you don’t currently have an email account or would like to migrate to a new provider, you can sign up for Google Apps for Business.


Does the HIPAA Privacy Rule permit health care providers to use email to discuss health issues and treatment with their patients?

Read the answer from the U.S. Department of Health & Human Services at HHS.gov.

Is FullscriptHIPAA Compliant?
Yes, Fullscript is a HIPAA compliant company and takes the privacy and security of your patient’s information very seriously.