The short answer is yes, Google Keep can be configured to be HIPAA compliant. Just keep in mind that users are responsible for making sure Google’s services are configured correctly and are used in a manner that does not violate HIPAA Rules.
Practitioners commonly want to use Google Keep because it is a simple tool for creating to-do lists and tracking their own task completion.
Google Keep is a cloud-based note-taking application that allows notes to be created and shared across multiple devices, which is one of the primary reasons why it has become more popular in recent months.
The question still remains, can healthcare organizations use Google Keep? Is Google Keep HIPAA compliant?
Trying to decipher the HIPAA Compliance of Google Keep can be confusing. HIPAA compliance relates less to technology and more to how technology is operated.
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
Google Workspace offers a BAA that covers Google Keep, which means that Google Keep for Google Workspace is a HIPAA-compliant service. It’s important to note that you must sign a BAA with Google to be HIPAA compliant. And you can only get a BAA with a paid Google Workspace subscription.
But here’s a disclaimer that many private practice “influencers” miss: signing a BAA with Google does not make your Google Workspace HIPAA compliant.
Seriously – Google CLEARLY says:
“Customers are responsible for … ensuring that they use Google services in compliance with HIPAA.”
“PHI is allowed only in a subset of Google services.”
“These Google-covered services … must be configured by IT administrators to help ensure that PHI is properly protected.”
So yes, Google Workspace CAN be HIPAA compliant, but it’s not compliant right out of the box.
You need to make sure your account is secure.
An important thing to notice, however, is that users with a free @gmail.com address are not part of Google Workspace.
In other words, from a HIPAA compliance perspective, it’s important to note that Google Keep for free Gmail is not HIPAA compliant whereas Google Keep for Google Workspace (a paid subscription) can be configured to be HIPAA compliant.
That means that access controls must be properly implemented, file-sharing permissions must be set correctly, and healthcare organizations should also ensure that files cannot be shared outside the organization. Users must be trained on HIPAA compliance and care must be taken to ensure that any files containing ePHI are only shared with individuals authorized to view the information.
Here are some important things that you need to consider:
Google has published a Guide for HIPAA Compliance with G Suite to help with implementation.
Google Keep is a good option for healthcare organizations. It can be used in a HIPAA-compliant manner. Remember, you must have a paid Google Workspace subscription to use Google Keep this way. The free versions of these programs can never be HIPAA compliant since Google will only provide BAAs for paid subscriptions.
Yes, Google Keep can be configured to be HIPAA compliant when used as part of a paid Google Workspace subscription and configured correctly.
No, signing a BAA does not ensure compliance; users must configure Google Workspace properly.