Are Google Home and Google Assistant HIPAA Compliant?

Can Google Home and Google Assistant be used in medical practices? Is Google Assistant HIPAA compliant or would using it in the workplace constitute a HIPAA violation?

Connected home assistants such as Google Home devices are growing in popularity. According to a 2018 study by market research firm Cognilytica, 51% of people use voice assistants in the car, 39% use them at home, and 1% use them at work. Apple’s Siri has the greatest market share followed by Google Assistant, which powers Google Home smart speakers.

It may be tempting to bring a Google Home device into the office and use it to take notes, get quick answers to questions, launch applications, and schedule reminders and calls. In a normal office environment, a Google Home device could possibly be used, but in healthcare, there is considerable potential for a HIPAA violation.

Virtual assistants are being developed for use in healthcare and they have potential to change how physicians interact with medical records and deliver patient care, but currently most virtual assistants lack the required security safeguards to satisfy the requirements of HIPAA.

Google Home devices can be configured to record audio and video, which in a healthcare setting could easily violate the privacy of patients. If any medical information is dictated or otherwise recorded, that would be classed as a HIPAA violation unless the voice technology was covered by a business associate agreement.

Is Google Assistant HIPAA Compliant?

Google does sign business associate agreements with healthcare companies for a wide range of its products, but currently neither Google Home nor Google Assistant are covered by its BAA. Until such time that Google confirms that its voice assistant meets the requirements of HIPAA and includes devices and the voice technology that power them into its BAA, neither Google Home nor Google Assistant are HIPAA compliant and should not be used in a healthcare setting.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.