Google Voice is a popular communication application that is available as a consumer tool and as part of the company’s Google Workspace (formerly G suite) cloud bundle. But does Google Voice stack up across business scenarios for organizations that require a HIPAA-compliant service? The simple answer is yes, but there are some caveats and details worth knowing about. Keep reading to find out more.
Since Google has made Voice part of its enterprise suite, it makes sense that plenty of health professionals are interested in using the app. However, for it to function in a healthcare professional environment, the app is required to have protection under the Health Insurance Portability and Accountability Act (HIPAA).
| SuiteGuides.com is reader supported. If you make a purchase after clicking a link, we may earn a commission at no additional cost to you. |
What Is Google Voice?
A good place to start will be with a brief history of Google Voice, a service that was first launched back in 2009. That launch followed Google’s acquisition of GrandCentral and allowed the company to enter the voice communication market for the first time.
Google Voice is an easy-to-use telephony service that handles voicemails, free text messages, voicemail transcription to text, call forwarding, and other tools. Voice is available in the U.S., Canada, Denmark, Portugal, France, Spain, Netherlands, Sweden, Switzerland, and the UK.
Users get a telephone number and calls to the number are forwarded to another number of their choosing. It is possible to add multiple numbers and allow Google Voice to act as a central forwarding hub.
When the app was first launched over a decade ago, it was very much a consumer-focused app. That meant there was no requirement to get HIPPA compliance, so Google just didn’t bother.
In 2018 that changed when the company decided it wanted to position Google Voice also as an enterprise tool. A decision was made to fold the app into the company’s G Suite platform.
Because G Suite (now Google Workspace) already has HIPAA security agreements, Voice was automatically covered once Google signed a BAA.
What Is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law in the United States. It helps protect sensitive data about patients and their health. HIPAA is a collection of national standards that prevent organizations from disclosing information about patients without their consent or without being told.
It remains one of the most fundamental tenants of privacy in the healthcare industry. Apps and platforms must agree to be HIPAA compliant if they are going to be used in a professional manner by healthcare organizations and workers.
Because HIPPA is a U.S. law, compliance is only necessary for companies in the United States. Foreign businesses that have operations in the U.S. must also comply with HIPAA.
What is a BAA?
As noted, Google Voice fell under Google Workspace’s existing privacy agreements when it debuted on the platform in 2018. However, the company needed to sign what’s called a BAA to make Voice HIPAA compliant.
A Business Associate Agreement (BAA) is an agreement made by a business associate. These are organizations that handle and disclose protected health information.
All businesses associated must sign an agreement that states they will adhere to the standards of HIPAA compliance. In other words, any company that is communicating sensitive health data (as Google does through Voice, Gmail, and other apps) must sign a BAA.
Instead of signing a BAA for each individual application, Google will sign a single agreement to cover all apps under the Google Workspace umbrella.
So, Google Voice is HIPAA Compliant?
Google has signed a BAA to ensure Google Voice and other Workspace apps comply with HIPPA. But only if your organization has an active Google Workspace license. What’s more, healthcare organizations or professionals will need to set up the compliance themselves.
Luckily, this is easy enough to do by following these steps:
Steps to Comply with HIPAA While Using Google Voice
- Visit admin.google.com to log into your Workspace admin account (click here to sign up for Workspace if you don’t yet have an account).
- Enter your profile and select “show more.”
- Select “Legal and Compliance.”
- Find “Security and Privacy Additional Terms.”
- Review the information and choose to accept “Workspace / Cloud Identity HIPAA Business Associate Agreement.”
- A pop-up will appear with some straight-forward questions. Answer these questions and then select “Accept.”
And that’s it! Your Workspace seats and Google Voice are now HIPPA compliant. Any apps, including Google Voice, Google Meet, Drive, and others will now function in accordance with the privacy standards laid out by HIPAA.
Remember, unless you follow the steps above Google Voice will remain uncompliant with HIPAA regulations. You need a paid Google Workspace license to comply.
That makes the original question of whether Google Voice is HIPAA compliant tricky to answer. Google has done the work to make sure the app can be compliant in Workspace. But unless you agree to the laws in your Workspace settings, then Google’s BAA and your compliance will not be in effect.
A Common Point of Confusion
Another thing worth noting is Google Voice is still available as a consumer tool outside of Google Workspace. That means people can use the app without needing a Google Workspace subscription.
It’s important to reiterate: If you use Google Voice, a consumer app outside of Workspace, then it is not compliant with HIPAA regulations.
You will need a paid Google Workspace license. You will also need to follow the steps above to be included under Google’s BAA.
Why HIPAA Compliance is Important
When you use Google Voice and agree to the terms of signing the BAA, you give your healthcare business the ability to handle sensitive data. However, it is worth remembering that having an agreement does not mean your organization is being compliant.
That’s because there are specific standards that your business and its employees must adhere to beyond simply agreeing. As a result, employee training is important to meet the standards of HIPAA regulations.
You should also have a read through the legislation to understand what is necessary for full compliance.