Google Voice is a VoIP provider – a service that transmits phone calls through an internet connection – that has become increasingly popular amid the new work from home environment. As with any software, healthcare organizations need to determine its HIPAA compliance before it can be used in conjunction with PHI. The question of, is Google Voice HIPAA compliant, is discussed below.
Is Google Voice HIPAA Compliant: Security Features
One of the most important aspects of HIPAA compliance is ensuring the confidentiality, integrity, and availability of protected health information (PHI). This is accomplished through the implementation of HIPAA safeguards. Therefore when determining Google Voice HIPAA compliance, it is important to note their security features that safeguard PHI.
Google enables the following:
- Access controls: allow administrators to designate different access levels to information based on an employee’s job function.
- Audit controls: track access to information to ensure that protected health information is accessed in accordance with the HIPAA Privacy Rule minimum necessary standard.
- User authentication: unique login credentials to ensure that users are who they appear to be.
- Encryption: Masks sensitive data so that it can only be accessed by authorized users.
However, no software can be considered fully HIPAA compliant, as software HIPAA compliance comes down to how an end user utilizes the software. As such, before implementing a new software in your organization, you must ensure that the above mentioned security features are enabled. In addition, employee’s must be trained in the proper use of the software to ensure use and disclosure of PHI within the platform is in accordance with HIPAA standards.
Google Voice and HIPAA Business Associate Agreements
Under HIPAA, software providers are considered business associates when creating, receiving, transmitting, storing, or maintaining PHI on behalf of their covered entity clients. HIPAA requires healthcare organizations to sign business associate agreements (BAAs) with their business associates before it is permitted to share PHI with them.
So when determining Google Voice HIPAA compliance, you must consider whether or not they are willing to sign a BAA. Google will sign a BAA with their Google Voice for G Suite customers, but will not for the free version of Google Voice.
Is Google Voice HIPAA Compliant?
Is Google Voice HIPAA Compliant? Yes, but only their paid service. Since Google is unwilling to sign a BAA with customers using the free version of Google Voice, Google Voice’s free version is not HIPAA compliant.