Is Google Drive Safe For My Client Files?

Is Google drive safe? Is Google HIPAA Compliant? Well, the answer is Yes and No.

As I started to use Google forms and documents more often for data keeping, attendance, reports, progress notes, invoices, you name it..., I started wondering...Is Google drive HIPAA compliant? Are my client's sensitive information safe?

What's HIPAA anyway?

First off, let's cover...what is HIPAA?

Briefly, HIPAA (The Health Insurance Portability and Accountability Act) makes sure we (medical professionals) keep all of our patient’s sensitive data private.

This is a huge deal and we should all take this very seriously! 

Is Google Drive HIPAA Compliant?

No! Regular Gmail and all Google Apps associated with your REGULAR Google account are not HIPAA compliant. 

From what I gather, the main reason for this answer has to do with the advertising in Gmail and security with some of the apps. Again, there is more to it but for our purposes, you just need to know that it is not HIPAA compliant. 

However, don't lose all hope yet. There are options for those Google lovers out there.

Options For HIPAA Compliant Google

G Suite is a paid option from Google that allows you to use Gmail and almost all of Google apps (I'll get to that in a second) for record keeping, etc....

G Suite is a Google business account that costs $5 per month. It uses your domain (website) as an email. For example, mine is bridget@speechtherapytalk.com.

For all that it offers, it is quite a bargain! To learn more about G Suite, click here. 

Some Tips On Using G Suite

For those who want to try G Suite, there is a 2-week free trial. I would try it if you are on the fence! I am not an affiliate, so this is truly just my honest opinion.

If you do try it, you must sign their BAA to complete your HIPAA compliance. It is quick and easy to do.

Once all those steps are completed (setting up an account and signing a BAA), you are ready to go. 

However, there are some Google apps that can and can't be used.

You can use:

  • Gmail
  • Calendar
  • Drive (including Docs, Sheets, Slides, and Forms)
  • Keep
  • Sites
  • Jamboard
  • Hangouts (chat messaging feature only)
  • Hangouts Meet
  • Google Cloud Search
  • Vault

You CAN'T use or store any PHI in:

  • Contacts
  • Groups
  • Google+

Bottom Line

G Suite is an email, word processing, data storage option that is HIPAA compliant (if you follow their instructions).

The benefits are:

  • Cloud storage
  • Google apps
  • Google storage for client files
  • Multiple users (for private practice)

Now I LOVE G Suite and Google Drive. If you want to get started using Google Drive for your students or for private practice, I have some free templates to check out: speech therapy documentation using Google Drive here

Enjoy!





Bridget is an ASHA certified, practicing speech-language pathologist. She is passionate about providing parents with information on child speech and language development as well as provide functional, easy activities to do at home! Parents have the power to make a real difference. Follow Bridget at Facebook and Pinterest for more fun!

Author of  child language development eBook series