How do I sign a business associate agreement with Google?


Last week we wrote about Google Workspace and how it compares to Paubox for its ability to provide HIPAA compliant email.

Our research concluded that while Google Workspace can be configured to be HIPAA compliant, it lacks functionality and even introduces a security vulnerability when it comes to actually sending HIPAA compliant email.

Read more: Comparing Google Workspace to Paubox for HIPAA compliant email (2023 update)

Up next, this post will answer the question: How do I actually go about getting a BAA signed with Google?

HIPAA and the BAA

As a recap, the Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information.

As we’ve previously discussed, HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities: entities that perform certain functions or activities on behalf of the covered entity.

A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.

Google BAA

Complete information on the Google business associate agreement can be found here. More specifically, the HIPAA Included Functionality page outlines each Google product that is considered in scope for the Google BAA.

In addition, another helpful resource is the Google Workspace and Cloud Identity | HIPAA Implementation Guide.

Signing a BAA with Google

Unlike the Microsoft BAA, where extra steps are not required, Google does require customers to do a bit of extra work to enter into a BAA with them.

The steps to enter into a BAA with Google are outlined here.

In a nutshell, they are:

  • Go to Menu, then Account > Account settings > Legal and compliance.
  • Go to the Security and Privacy Additional Terms section.
  • Click Google Workspace/Cloud Identity HIPAA Business Associate Amendment to review the amendment.
  • Click Review and Accept and answer all three questions to confirm that you are a HIPAA covered entity.
  • To accept the HIPAA BAA, click OK.

Can Google use my organization’s business associate agreement?

No, Google will not use a customer’s business associate agreement.

Conclusion

There are a few additional steps to take to obtain a business associate agreement with Google.

Be aware that:

  • Google will not sign a customer’s BAA
  • The list of solutions that are in scope of the Google BAA is here

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.
