Is Google Voice HIPAA Compliant? 

Google Voice is a VoIP provider, a service that transmits phone calls through an internet connection. With the new option of working from home, Google Voice has grown in popularity. It's a practical telephone service with voicemail, speech-to-text, text messaging, and many other applicable functions. Google voice offers a free version for personal Google accounts in the U.S. and paid versions for Google Workspace (formerly G Suite) accounts in select markets. However, before using any software with protected health information (PHI), healthcare institutions must confirm that it complies with HIPAA regulations. This post will cover everything there is to know about Google Voice and HIPAA compliance.

Is Google Voice HIPAA compliant?

Simply put, the paid version of Google Voice for Google Workspace can be considered HIPAA compliant and utilized by healthcare organizations concerning PHI without breaching HIPAA regulations. The free personal version should not be used by healthcare organizations or healthcare employees in a professional capacity related to PHI since doing so would break HIPAA compliance. The rules of the "conduit exemption," according to which a company that transmits PHI is exempt from the HIPAA Security Rule, are outlined in the HIPAA Omnibus Final Rule. The rule excludes a narrow group of entities from entering into business associate agreements with covered entities. The entity must adhere to HIPAA regulations if it isn't exempt under the "conduit exemption." Because Google Voice is not a "conduit," it must adhere to HIPAA regulations. This means that various safeguards must be in place to protect data, including access and authentication restrictions, secure transfers, and appropriate data storage methods. Additionally, HIPAA requires healthcare organizations to sign business associate agreements (BAA) with their business associates before it is permitted to share PHI with them. Before using Google Voice in conjunction with personal health data, users must obtain a signed BAA with Google. Google Voice's free version is not HIPAA compliant because Google is unable to sign a BAA with customers using the free version of Google Voice. It's crucial to understand that Google Workspace can adhere to HIPAA regulations, but it's not yet configured when you purchase the subscription. Before moving forward, you must ensure settings such as access controls, audit controls, user authentication, and encryption are enabled and correctly configured. The BAA with Google must be signed; however, that is only the first step, not the only step, to achieving Google Voice HIPAA compliance.

Google Voice Cost

The costs for the paid versions of Google Voice for Google Workspace come in three tiers: Starter $10/user/month, Standard $20/user/month, and Premier $30/user/month. Each tier includes different features and limitations.

What is a BAA?

A BAA, which stands for business associate agreement, is a contract between a healthcare organization and a contractor or third-party service it utilizes. The BAA is intended to guarantee that both parties follow strict regulations to protect the security of PHI. Software suppliers are considered business associates under the HIPAA Privacy Rule summary when they create, receive, transmit, store, or preserve PHI on behalf of their covered entity clients. Before sharing PHI with their business associates, healthcare organizations are required under HIPAA to establish BAAs with them. Any healthcare organization using Google Voice must obtain a signed BAA from Google as it is a covered entity.

Is Google Voice encrypted?

Google enables Google Voice encryption, which masks sensitive data available only to authorized users. According to Google, data is encrypted in transit from a Google Voice client to Google and when stored at rest.

How can I use Google Voice in Healthcare?

Users can benefit from Google Voice because they don't require special devices for work. People can take business calls when not at the office and their Google Voice number can be active during working hours but silenced after working hours due to the Google Voice app integration with Google Calendar. Google Voice Standard and Premiere subscriptions can be an excellent choice for healthcare organizations because of their affordability and unique features such as unlimited calling, seamless integration with Google Workspace, allowing employees to use their personal devices, voicemail messages transcription, and more. Users must be aware that only the paid versions of Google Voice can adjust to HIPAA compliance once Google Workspace is appropriately configured.