Douglas Polanco

Google Keep HIPAA Compliance: 3 Quick and Simple Questions

September 30, 2021

Is Google Keep HIPAA Compliant?

The short answer is yes, Google Keep can be configured to be HIPAA compliant. Just keep in mind that users are responsible for making sure Google’s services are configured correctly and are used in a manner that does not violate HIPAA Rules.

Read on to learn more!

Feature Download: FREE checklist about Gmail and Google Workspace HIPAA Compliance (Download Now)

It is very common for practitioners to want to use Google Keep, as it is a simple tool that lets them create to-do lists and track their own task completion.

What is Google Keep?

Google Keep is a cloud-based note-taking application that allows notes to be created and shared across multiple devices, which is one of the primary reasons it has become more popular in recent months.

The question still remains, can healthcare organizations use Google Keep? Is Google Keep HIPAA compliant?

Trying to decipher the HIPAA compliance of Google Keep can be confusing. HIPAA compliance is less about the technology itself and more about how that technology is operated.

The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

Google Workspace offers a BAA that covers Google Keep, which means that Google Keep for Google Workspace is a HIPAA-compliant service. It’s important to note that you must sign a BAA with Google to be HIPAA compliant, and you can only get a BAA with a paid Google Workspace subscription.

Wait! BAA does not mean HIPAA compliance

But here’s a disclaimer that many private practice “influencers” miss: signing a BAA with Google does not make your Google Workspace HIPAA compliant.

Seriously – Google CLEARLY says

“Customers are responsible for … ensuring that they use Google services in compliance with HIPAA.”

“PHI is allowed only in a subset of Google services.”

“These Google covered services … must be configured by IT administrators to help ensure that PHI is properly protected.”

So yes, Google Workspace CAN be HIPAA compliant, but it’s not compliant right out of the box.

You need to make sure your account is secure.

Free Keep vs. Google Workspace Keep

An important thing to notice, however, is that users with a free @gmail.com address are not part of Google Workspace.

In other words, from a HIPAA compliance perspective, it’s important to note that Google Keep for free Gmail is not HIPAA compliant whereas Google Keep for Google Workspace (a paid subscription) can be configured to be HIPAA compliant.

That means access controls must be properly implemented, file-sharing permissions must be set correctly, and healthcare organizations should ensure that files cannot be shared outside the organization. Users must be trained on HIPAA compliance, and care must be taken to ensure that any files containing ePHI are shared only with individuals authorized to view the information.

Do you want to avoid any HIPAA violations?

Here are some important things that you need to consider: 

  • Obtain a BAA from Google before using Google Workspace to manage PHI
  • Configure access controls properly
  • Use 2-factor authentication for account access
  • Use strong, unique passwords
  • Switch off file syncing
  • Turn link sharing off
  • Limit sharing of files outside the domain (Google offers advice if external access is needed)
  • Set document visibility to private
  • Switch off third-party apps and add-ons
  • Do not allow offline storage for Google Drive
  • Do not allow access to apps and add-ons
  • Review access logs, account logs, and shared-file reports regularly
  • Configure ‘manage alerts’ so that the administrator is made aware of any changes to settings
  • Back up all data saved on Google Drive
  • Make sure employees are properly trained on the use of Google Drive and other G Suite apps
  • Never use ‘PHI’ in the titles of files

Google has published a Guide for HIPAA Compliance with G Suite to help with implementation.

We help medical practices move to cloud services like Google Workspace. If you’re confused about how to make Google Workspace HIPAA compliant, grab our free guide!


Conclusion

Google Keep is a good option for healthcare organizations, and it can be used in a HIPAA-compliant manner. Remember, you must have Google Workspace to use Google Keep in a HIPAA-compliant way. The free versions of these programs can never be HIPAA compliant, since Google will only provide BAAs for paid subscriptions.

Copyright 2024 Adelia Associates, LLC | All Rights Reserved