Paubox blog: HIPAA compliant email made easy

Can Google Meet be used for teletherapy?

Written by Dean Levitt | March 03, 2023

Google Meet can be used for teletherapy if configured correctly with a Business Associates Agreement. Not all versions of Google Meet are HIPAA compliant, and certain features like recording may not be compliant.

 

Teletherapy in a remote-friendly world

In a remote-friendly world, teletherapy has increased access to mental health care for people who might not otherwise receive it. According to the American Psychological Association, "A whopping 96% of psychologists who responded said that telehealth is effective therapeutically."

Also known as online therapy, virtual therapy, or e-therapy, teletherapy is often done through video-conferencing platforms, particularly Zoom and Google Meet. HIPAA guidelines require that the platform be HIPAA-compliant and that appropriate steps are taken to protect patient privacy and security.

Related: HIPAA privacy and security guidelines as they relate to telehealth

What about the Notification of Enforcement Discretion?

During the COVID-19 pandemic, the Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion, stating that it would not impose penalties for noncompliance with specific HIPAA regulations for therapists who used telehealth in good faith to deliver mental health services to patients during the pandemic. This allowed providers to use non-HIPAA compliant video conferencing tools such as Skype, Zoom, or FaceTime for telehealth visits.

As of writing (March 2023), the OCR has not provided a specific end date for the relaxed regulations. Therapist providers should continue to monitor OCR updates and ensure they comply with all HIPAA regulations applicable to their telehealth practices. Regardless, protecting patient information should be paramount, and using HIPAA compliant platforms for teletherapy is the safer option for your practice and patients. 

RelatedComparing Google Workspace to Paubox for HIPAA compliant email (2023 update)

 

So, is Google Meet HIPAA compliant?

If a healthcare provider uses Google Meet to provide teletherapy services to patients, a Business Associate Agreement (BAA) is needed.

Under HIPAA regulations, a BAA is required when a covered entity discloses protected health information (PHI) to a business associate (BA) for certain functions, such as for data analysis, claims processing, or storage of PHI. If a therapist uses Google Meet to provide teletherapy services and PHI is disclosed or transmitted through the platform, then a BAA with Google may be required. 

Google has stated that its Google Workspace and Google Meet products are compliant with HIPAA regulations and that it is willing to sign BAAs with healthcare providers who use those products to transmit and store PHI. However, it's important to note that not all versions of Google Meet are HIPAA compliant and that certain features, such as recording, may not be compliant.

Therefore, healthcare providers using Google Meet for teletherapy services should evaluate the version of Google Meet they plan to use and the specific features they will use to determine whether a BAA is required. 

If a BAA is needed, you can get a signed BAA from Google before using the platform with patients. Additionally, healthcare providers should implement appropriate safeguards to protect patient privacy and security when using Google Meet for telehealth services.

So, can Google Meet be used for teletherapy?

Conclusion: Google Meet can be configured for HIPAA compliance.

 

Other ways to keep PHI safe during teletherapy

Teletherapy still offers some risks beyond encrypted video platforms. Therapists should still be careful to protect patients' PHI:

  • Use HIPAA compliant email to communicate with patients.
  • Make sure calls aren't recorded.
  • Be careful showing PHI on screens where it could be captured by a screenshot tool.
  • Ensure no one can overhear the teletherapy session.

Related: When should you ask for a business associates agreement?