Is Google Slides HIPAA Compliant?
Google Slides is HIPAA compliant and can be used to create slides and presentations containing Protected Health Information provided the service is used as part of a Google Workspace plan covered by a Business Associate Addendum and configured to restrict document sharing. It will also be necessary to include the compliant use of Google Forms in workforce training.
Google Slides is a presentation editor that allows users to create slide shows, training materials, and project presentations. Because of its ease of use, Google Slides is an ideal option for users who do not regularly create slide shows or presentations and do not have a software package that offers the same functionality. Google Slides is available free of charge for personal use but personal users cannot use Google Slides in compliance with HIPAA.
Using Google Slides in Compliance with HIPAA
HIPAA covered entities and business associates that want to take advantage of Google Slides’ functionality can do so without any HIPAA compliance concerns provided Protected Health Information (PHI) is not used or disclosed in the slides. If PHI is going to be used or disclosed, it will be necessary to subscribe to an Enterprise Workspace account and agree to Google’s Business Associate Addendum.
Google’s Business Associate Addendum is so called because it is an addendum to the Workspace Terms of Service – a document all system administrators need to be familiar with because it contains customer obligations such as responsibility for end user behavior, using “commercially reasonable means” to prevent unauthorized use of the services, and notifying Google of any unauthorized access.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
How to Make Google Slides HIPAA Compliant
Google Slides is not HIPAA compliant by default. In order to make Google Slides HIPAA compliant, system administrators should follow the recommendations in Google’s HIPAA Implementation Guide. These include configuring Google Drive to limit how files can be shared and who with, and how to set up security notifications when Google detects unusual or suspicious behavior on an organization’s account.
It will also be necessary to train members of the workforce on how to use Google Workspace services in compliance with HIPAA to avoid scenarios in which end users take compliance shortcuts to get the job done. Organizations that encounter challenges integrating Google Workspace training into a HIPAA security awareness program are advised to seek professional compliance advice.
