Is Google Calendar HIPAA Compliant?

Can you use Google Calendar to schedule patient appointments? Is Google Calendar HIPAA compliant? The convenience of using Google Calendar to schedule appointments has led many healthcare providers to wonder whether or not the platform is HIPAA compliant.

Determining Google Calendar’s HIPAA Compliance

Security features

Business associate agreement

Is Google Calendar HIPAA compliant?

Google Calendar HIPAA Compliant: Security Features

When determining if Google Calendar is HIPAA compliant, the first step is to conduct a risk analysis. A risk analysis identifies any potential risks that arise when using Google Calendar in conjunction with electronic protected health information (ePHI). Any risks identified by the risk analysis must be addressed with remediation efforts before Google Calendar is used with PHI.

It is also essential to implement audit and access controls within the platform before using Google Calendar for scheduling patient appointments.

Access controls. As part of HIPAA requirements, access to PHI must be limited to only those who need it to perform a specific job function. As such, access controls must be implemented to ensure adherence to this standard. Access controls assign employees different levels of access to PHI based on their job function. Google Calendar enables access controls; however, the feature must be activated.

Audit logs. To ensure that access to PHI is in accordance with HIPAA standards, it is important to track access to PHI with audit logs. Audit logs keep a detailed account of who accesses PHI, what information they access, and how long they accessed it for.


Google Calendar HIPAA Compliant: Business Associate Agreement

Business associate agreements (BAAs) are legal documents that dictate the safeguards business associates are required to have in place to secure the PHI they receive, transmit, store, or maintain on your behalf. BAAs must be signed with all of your business associates before you share PHI with them. Google is willing to sign a BAA with users of its paid service, but not with users of its free service.

Google’s BAA covers:

G Suite (including Google Calendar)

Google Drive

Chat messaging feature of Google Hangouts

Hangouts Meet

Google Keep

Google Cloud Search

Google Sites

Google Vault services

Is Google Calendar HIPAA Compliant?

Yes, provided that Google Calendar is properly used, access controls are enabled, and you have signed a HIPAA business associate agreement, Google Calendar is HIPAA compliant. However, since Google is only willing to sign a business associate agreement for users with paid accounts, the free version of Google Calendar is NOT HIPAA compliant.
