G Suite and HIPAA Compliance
If your organization handles Protected Health Information (PHI) in the United States, you’re likely required to protect that information under the Health Insurance Portability and Accountability Act (HIPAA).
The good news is Google will sign a Business Associate Agreement for G Suite with your organization. (Actually, Google requires your organization to do so. As Google’s support page says: organizations “Customers who have not entered into a BAA with Google must not use Google services in connection with PHI”)
However, the agreement covers just four G Suite services: Gmail, Calendar, Drive, Sites, and Vault. (Google Vault provides archiving and discovery services for compliance purposes.) Learn more from Google about HIPAA compliance and G Suite.
For more information on advanced privacy and security settings for G Suite, Gmail tips, linking and syncing best practices, and mobile device management, check out our eBook: G Suite: Advanced Security Configuration and Compliance.