Google Apps is HIPAA Compliant! | Blog | Fullscript


Written Nov 28th, 2013 by

On September 27, 2013, Google quietly announced that it was allowing Google Apps users to sign a Business Associate Agreement (BAA), which means Google Apps now supports HIPAA compliance!


The announcement came with a huge sigh of relief for thousands of health care professionals who use Google Apps as their primary email service to communicate with patients.

Google’s official statement read:

“Ensuring that our customers’ data is safe, secure and always available to them is one of our top priorities. To demonstrate our compliance with security standards in the industry, Google has sought and received security certifications such as FISMA, ISO 27001, and SSAE 16. For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), Google Apps can also support HIPAA compliance.”

Is Google Apps the same as Gmail?

No. If you use Gmail to communicate with patients, unfortunately you can’t request a BAA from Google. Gmail is for personal use, and therefore a BAA is only available through Google Apps. For those who don’t know, Google Apps is for businesses and allows you to have a Gmail account under your own domain name (@your-domain.com instead of @gmail.com).

What about Google Apps Free Edition?

Unfortunately, the BAA is only available for Google Apps for Business, Education, and Government domains and is not available for Google Apps Free Edition (also known as Standard Edition). This is disappointing since most small organizations use the free edition. As of December 6, 2012, Google stopped allowing new accounts for the free edition of Google Apps, so companies that signed up after that date already have the Business Edition (at $5/user/month) and can request a BAA.

How can I get started?

I have Google Apps Free Edition
To request a BAA, you will first have to upgrade to Google Apps for Business.

I have Google Apps for Business
You’re all set. Simply request a BAA from Google.

I don’t have a Google Apps account
If you don’t currently have an email account or would like to migrate to a new provider, you can sign up for Google Apps for Business.


Does the HIPAA Privacy Rule permit health care providers to use email to discuss health issues and treatment with their patients?

Read the answer from the U.S. Department of Health & Human Services at HHS.gov.

Is Fullscript HIPAA Compliant?
Yes, Fullscript is a HIPAA-compliant company and takes the privacy and security of your patients’ information very seriously.


This practitioner spotlight was brought to you by Fullscript. Have you got something you'd like to share with the community to help your profession grow? Send us an email and we'd be happy to put you in the spotlight!

About Fullscript
Fullscript allows health practitioners to create their own virtual dispensary stocked with more than 20,000 professional-grade natural health products from 275+ of the world's top brands.

Create your free account at Fullscript.com.

