Is Google Hangouts HIPAA Compliant?

As several healthcare organizations use G Suite products to operate their businesses, it is important to determine which G Suite products are HIPAA compliant. One commonly used G Suite product is Google Hangouts. But is Google Hangouts HIPAA compliant and secure?

Is Google Hangouts HIPAA Compliant: Security Features

When determining whether or not software is HIPAA compliant, you must consider the security features offered by the product. As HIPAA requires you to maintain the confidentiality, integrity, and availability of protected health information (PHI), the security features must enable you to do so.

Are Google Hangouts’ security features adequate to secure PHI? In fact, is Google Hangouts secure? Yes, Hangouts is secure, but you must configure the platform to enable its security features.

Google instructs:

“Hangouts Chat provides several options for Admins to control sharing PHI. Hangouts Chat can be enabled or disabled for everyone in the domain or selectively enabled for specific organizations. To enable the service for specific organizations, Admins can select the ‘ON for some organizations’ option which displays the Org Units to search and select. Note that cross domain and external communication is not supported in Hangouts Chat.”

Google also recommends creating a new room when adding multiple users to a chat, as new members can view previous chat history. In addition, PHI should not be included in the name of the room.

Is Google Hangouts HIPAA Compliant: Business Associate Agreements

Even if a software provider has all of the required security features in place, if they are unwilling to sign a business associate agreement (BAA), they are not HIPAA compliant. Google is willing to sign a BAA; however, its BAA does not extend to all of its products. Google states on its website that its BAA covers the following products:

Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms), Google Hangouts (chat messaging feature only), Hangouts Meet, Google Voice (managed users only), Google Keep, Google Cloud Search, Google Sites, Jamboard, and Google Vault services.

Is Google Hangouts HIPAA Compliant?

Yes, Google Hangouts is HIPAA compliant. However, since Google’s BAA only covers the Google Hangouts chat feature, other features (video, audio) cannot be used in conjunction with PHI. For video or audio, healthcare organizations can use Hangouts Meet for HIPAA-compliant communications.