For organizations in the health industry, Google Workspace (formerly G Suite) is an attractive solution for many reasons. The cloud platform actively promotes collaboration and has a bunch of useful applications. One of them is Google Meet, a video chat and meeting application that is integrated into the Workspace experience. But is Google Meet HIPAA compliant?
For organizations in healthcare, a service is only a good option if it can be compliant with rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). A hugely important law that protects patient information, HIPAA is a bedrock for privacy within the health industry.
With that in mind, is Google Meet compliant with HIPAA? The answer is yes, but to comply with regulations, organizations must take individual steps to meet the requirements of HIPAA. In the article below, we will explain how you can make Google Meet compliant with HIPAA regulations.
What Is Google Meet?
Alongside Google Chat, the app replaces the outgoing Google Hangouts. It handles the video communication aspects of Hangouts by allowing users to conduct video meetings, conferences, lessons, and other visual communications, including telehealth appointments.
Meet was one of the apps that saw a surge in popularity during the COVID-19 pandemic, alongside rivals Microsoft Teams and Zoom. Now used by over 100 million people, Meet is popular among consumers and businesses alike.
Among the core features of Google Meet is the ability to host 250 participants in a meeting. You can also livestream to up to 100,000 people with up to 25 video participants.
As part of Google’s enterprise cloud platform, Meet is automatically ready to comply with HIPAA regulations, but users must sign a BAA first (I’ll explain the exact steps you’ll need to take to do that in a moment).
What Is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law in the United States that was enacted to protect patients in the healthcare industry. It is a privacy law that protects sensitive data and information about a person’s health. Through national standards, HIPAA stops organizations from disclosing patient data without notifying them or getting consent.
It’s a very important law and one of the pillars of privacy in the healthcare industry in the US.
Any company must be HIPAA compliant to handle patient information, and this includes when using any apps or services. For healthcare organizations working during the COVID-19 pandemic (when telehealth became so important), this posed new challenges. For some, it was challenging to know which telehealth apps and services could be compliant with HIPAA.
HIPAA compliance is necessary for all health companies in the United States and for foreign companies operating in the U.S.
What is a BAA?
Google Meet can only be compliant with HIPAA laws through a BAA. A BAA is a Business Associate Agreement. As noted above, by being part of Google Workspace, the Google Meet app works under the existing privacy agreements set up for the platform.
Google is what is known as a “business associate”, which is any organization that discloses and manages protected health information (PHI). Any such company must sign an agreement called a Business Associate Agreement (BAA) that confirms they will comply with the regulations of HIPAA.
If a company plans to handle patient data or correspondence, it is required to sign a BAA. Google has many apps in Workspace, so it does not make sense to have individual BAAs for each of these applications (Gmail, Voice, Meet, etc.). Instead, the company has a single BAA that covers the whole platform to make it more convenient.
This is actually quite easy to set up when you get a Google Workspace License.
I’ll explain how below.
Is Google Meet HIPAA Compliant?
The answer is yes, and also no. Google has taken the steps to set up Google Workspace, including Meet, to follow HIPAA standards, but the BAA agreement is not in place automatically. Instead, organizations must sign the agreement themselves when they start using Workspace for their medical practice. Once signed, Google Meet and the rest of the apps in Google Workspace will meet HIPAA standards.
Doing this is easy:
- Head to admin.google.com and log into your Workspace admin account (or create one here if you don’t have one yet)
- Navigate to your profile and click “show more”
- Click “Legal and Compliance”
- Find “Security and Privacy Additional Terms”
- Review the information and click to accept “Workspace / Cloud Identity HIPAA Business Associate Agreement”
- A pop-up will appear with questions you must answer. Click “Accept” when you’re finished.
Now you’re set. Google Workspace is signed to the BAA and is now HIPAA compliant. That means all apps you need to use within Google Workspace’s ecosystem will adhere to privacy regulations, and that includes Google Meet.
Perhaps the most important thing to remember is that not following the steps above will mean your Workspace account is not compliant with HIPAA, so it’s an important step to take if you handle any sensitive patient files or communication in the tools that come with your Google Workspace license.
Another area of potential confusion is in the version of Google Meet that is available in Workspace. The Workspace version of Google Meet is actually the same as the app that is available for free without a Workspace account. It is worth noting that the free version of Google Meet is not compliant with HIPAA. In other words, you must sign up and have a paid Workspace account to be HIPAA compliant in Google Meet.
Google Meet HIPAA Compliance Remains Important
The regulations and standards set out by HIPAA are even more important today than they have ever been.
Privacy is in the spotlight, and tech companies face increasing scrutiny regarding their use of customer information. By signing a BAA and complying with HIPAA, health organizations can show patients and regulators that they are willing to meet privacy standards.
That said, simply agreeing to be compliant does not mean your company is following all relevant laws. That’s why training is so important as an accompaniment to HIPAA compliance.
Start by reading the legislation to understand what is expected of companies that work under HIPAA.