The short answer is yes, Google Keep can be configured to be HIPAA compliant. Just keep in mind that users are responsible for making sure Google’s services are configured correctly and are used in a manner that does not violate HIPAA Rules.
Read on to learn more!
Practitioners commonly want to use Google Keep because it is a simple tool for creating to-do lists and tracking their own task completion.
It is a cloud-based note-taking application that allows notes to be created and shared across multiple devices, which is one of the primary reasons why it has become more popular in recent months.
The question still remains, can healthcare organizations use Google Keep? Is Google Keep HIPAA compliant?
Trying to decipher the HIPAA compliance of Google Keep can be confusing. HIPAA compliance is less about technology and more about how technology is operated.
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
Google Workspace offers a BAA that covers Google Keep, which means that Google Keep for Google Workspace is a HIPAA compliant service. It’s important to note that you must sign a BAA with Google to be HIPAA compliant. And you can only get a BAA with a paid Google Workspace subscription.
But here’s a disclaimer that many private practice “influencers” miss: signing a BAA with Google does not make your Google Workspace HIPAA compliant.
Seriously – Google CLEARLY says:
“Customers are responsible for … ensuring that they use Google services in compliance with HIPAA.”
“PHI is allowed only in a subset of Google services.”
“These Google covered services … must be configured by IT administrators to help ensure that PHI is properly protected.”
So yes, Google Workspace CAN be HIPAA compliant, but it’s not compliant right out of the box.
You need to make sure your account is secure.
An important thing to notice, however, is that users with a free @gmail.com address are not part of Google Workspace.
In other words, from a HIPAA compliance perspective, it’s important to note that Google Keep for free Gmail is not HIPAA compliant whereas Google Keep for Google Workspace (a paid subscription) can be configured to be HIPAA compliant.
Configuring it for compliance means that access controls must be properly implemented, file-sharing permissions must be set correctly, and healthcare organizations should also ensure that files cannot be shared outside the organization. Users must be trained on HIPAA compliance, and care must be taken to ensure that any files containing ePHI are shared only with individuals authorized to view the information.
Here are some important things that you need to consider:
Google has published a Guide for HIPAA Compliance with G Suite to help with implementation.
We help medical practices move to cloud services like Google Workspace. If you’re confused about how to make Google Workspace HIPAA compliant, grab our free guide!
Google Keep is a good option for healthcare organizations. It can be used in a HIPAA-compliant manner. Remember, you must have Google Workspace to use Google Keep in this way. The free versions of these programs can never be HIPAA compliant since Google will only provide BAAs for paid subscriptions.