“Is Google Voice HIPAA compliant?” We hear this question quite often. This article will explore Google Voice, how it can be used in healthcare, and whether Voice’s texting feature is HIPAA compliant.
If you’ve never heard of Google Voice, it’s a fantastic tool for staying in touch with people over the phone. You can get a phone number from Google, and set it up so it rings through to all of your devices.
Google Voice is a Voice over Internet Protocol (VoIP) phone service provided by Google. Once you’re signed up with a Google Voice number, you can make and receive calls on your personal device - but without using your personal number. It includes call forwarding, voicemail, and unlimited SMS messages.
Google Voice can be integrated with Google Meet (video calls/telehealth/teleconferencing) and Google Calendar to keep you organized. Google Voice can be added to any Google Workspace subscription.
Google Workspace (formerly known as G Suite) is a paid service that includes Gmail, Google Drive, Calendar, Meet and more. If your email address ends in @gmail.com, you do not have Google Workspace. We recommend and use Google Workspace in our own business.
Check out our article on HIPAA Compliant Gmail (The Perfect How-To Guide for 2021) to learn more about Google Workspace HIPAA compliance.
You can have a free @gmail.com account, or you can pay for a Google Workspace gmail account.
Same with Google Voice. There is a free version and a paid version.
You need the paid version if you want to be HIPAA compliant. And you can only get the paid version if you use Google Workspace.
Why do you need the paid version? Because Google will not provide a business associate agreement (BAA) with their free Gmail or free Voice subscriptions.
So, here’s what you need to do to make Google Voice HIPAA compliant :
How much does Google Voice cost? There are three tiers: Starter $10/user/mo, Standard $20/user/mo, Premier $30/user/mo. We recommend the Standard subscriptions because it includes eDiscovery for calls and voicemails for records retention purposes.
It’s important to know that Google Workspace CAN be HIPAA compliant. It isn’t properly configured when you purchase the subscription. Signing the BAA with Google is the first step, but it’s not the only step. We can help with getting it properly configured.
But here’s a disclaimer that many private practice “influencers” miss: signing a BAA with Google does not make your Google Workspace HIPAA compliant.
Seriously – Google CLEARLY says
“Customers are responsible for … ensuring that they use Google services in compliance with HIPAA.”
“PHI is allowed only in a subset of Google services.”
“These Google covered services … must be configured by IT administrators to help ensure that PHI is properly protected."
So yes, Google Workspace CAN be HIPAA compliant, but it’s not compliant right out of the box.
You need to make sure your account is secure.
A big advantage of using Google Voice is that you and your users don’t need dedicated devices for business purposes. Your users can answer work calls without being in the office. The Google Voice app can integrate with Google Calendar, allowing you to ‘turn on’ your work Voice number during work hours, but ‘turn it off’ afterward. Clients can leave voicemails instead.
The Standard and Premier subscriptions include multi-level auto attendant, which means your clients will hear a phone menu and then can choose which person they want to speak with.
Google Voice is great for Healthcare because it is affordable, calls are unlimited, integrates well with Google Workspace, employees can use their own devices (mobile or desktop), transcribes voicemail messages and more. You can make the paid version of Google Voice HIPAA compliant IF you properly set up Google Workspace.
Texting is very popular. We hear from practices all the time that want to send or receive texts from their clients.
Google Voice includes SMS messaging, but this is not secure for PHI. There are some services that provide HIPAA-compliant texting, but they’re not very convenient. You and your patients must download the same app, which is how the service ensures you’re HIPAA compliant.
In practice, many of our small practice clients will tell their patients that it’s OK to text them, but to NEVER discuss anything medical via text. They will only discuss scheduling or billing issues via text.
Google Voice is a great option for healthcare organizations. It can be used in a HIPAA compliant manner. Remember, you must have Google Workspace to use Google Voice. The free versions of these programs can never be HIPAA compliant, since Google will only provide BAAs for paid subscriptions.
We help medical practices move to cloud services like Google Workspace. If you’re confused about how to make Google Workspace HIPAA compliant, grab our free guide!