Is Google Hangouts HIPAA Compliant?
The Google services that were formerly known as Google Hangouts are HIPAA compliant, and can be used to collect, transmit, and share Protected Health Information (PHI) provided they are used as part of a Google Workspaces account that supports HIPAA compliance. It is also necessary for HIPAA-covered customers to agree to Google’s Business Associate Addendum before disclosing PHI on a Google Hangouts service.
Google Hangouts was launched in 2013 as a cross-platform messaging service that evolved into a popular chat, voice, and video communication tool. Originally offered free of charge to personal customers, and later as part of the G Suite service to enterprise customers, Hangouts came under increasing competition from rival messaging services such as iMessage, WhatsApp, and Facebook Messenger.
To give Hangouts a more meaningful identity, the service was divided into two individual services in 2017 which were renamed Hangouts Chat and Hangouts Meet. The two new services underwent a further rebranding in 2020 – to Google Chat and Google Meet – when the enterprise G Suite package was rebranded as Google Workspace. Google Chat and Google Meet remain free-to-use for personal Google customers.
Google Hangouts Services and HIPAA Compliance
Organizations that subscribe to a Google Workspace account can use Google Chat and Google Meet without worrying about HIPAA compliance as long as the services are not used to create, collect, store, or transmit PHI. However, if PHI is used or disclosed on a Google Chat or Google Meet service, it is necessary to subscribe to an Enterprise Workspace account and agree to Google’s Business Associate Addendum.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Before agreeing to Google’s Business Associate Addendum, it is important to be aware that both the Addendum and the Terms of Services to which it relates places compliance obligations on HIPAA-covered customers – not only to use services with “included functionality” in compliance with HIPAA, but also to take reasonable precautions to prevent unauthorized access to any Workspace service and report unauthorized use to Google.
To help HIPAA-covered customers comply with their obligations to use Google Workspace in compliance with HIPAA, Google has published a HIPAA Implementation Guide. The Guide includes recommendations for configuring Google Chat and Google Meet to govern the visibility of shared files and folders (in Google Drive) and for implementing Data Loss Prevention in Google Chat to prevent files being shared impermissibly.
The Final Step to Make Google Hangouts HIPAA Compliant
The final step to make Google Hangouts HIPAA compliant is to train workforce members how to use Google Chat and Google Meet in compliance with HIPAA. The nature of training can vary depending on an organization’s operations and whether workforce members use either service to communicate directly with patients – for example, because a patient has requested confidential communications via Google Chat, or because the organization provides a telehealth service via Google Meet.
Organizations who are unsure about their compliance obligations under Google’s Terms of Service and Business Associate Addendum, who need help configuring Google Chat and Google Meet to be HIPAA compliant, or who require assistance complying with the HIPAA training requirements should seek professional compliance advice.
