Yes, Google Voice can be HIPAA compliant if it’s used under a HIPAA secure G Suite account according to HIPAA guidelines.
There is some nuance to this. Let’s unpack it with questions like:
- Why is compliance possible?
- How can I make Google Voice HIPAA secured?
- What does HIPAA compliance mean?
- Is Google Voice Compliant with Kari’s Law and Ray Baum’s Act?
- Will Google Voice work for my organization?
With this information, you’ll have a fuller understanding of whether or not Google Voice will work as a telecom solution for your healthcare organization. Ready? Let’s dive in.
Why Is Compliance Possible? The History of Google Voice HIPAA Compliance
We’ll start at the beginning. Initially, Google Voice was brought to market as a consumer product in 2009 after Google acquired GrandCentral. Because it was geared toward consumers, the service was not meant to be HIPAA secure, and so Google didn’t bother to make it that way – all the way up until 2018.
Then, in 2018, Google added Google Voice as an option within G Suite. In doing so, it enabled the solution for protection under Google’s G Suite agreements. Google will sign a BAA for G Suite to make its offerings HIPAA secure, so Google Voice can now be included in that agreement.
What is a BAA?
For this to make any kind of sense, you’ll need to be familiar with the acronym BAA, which is short for Business Associate Agreement.
Per HHS, a “business associate” is any “entity that performs certain functions or activities that involve the use or disclosure of protected health information [PHI] on behalf of, or provides services to, a covered entity.”
Businesses that function as “business associates” must sign agreements assuming the appropriate responsibilities for HIPAA compliance (as stipulated in the act and dependent on the functions being carried out).
Basically, if you’re communicating protected health information via Google products (like Google Voice or Gmail), Google is a “business associate.” And, in order for everything to be legally compliant, they need to sign off on that fact.
How Can I Make Google Voice HIPAA Secure?
Again, Google will sign a BAA for G Suite that will legally make all of the solutions within an account HIPAA secure.
It’s relatively easy to set up – it simply requires clicking through a series of steps in your G Suite admin account.
- Log into your admin account at admin.google.com
- Click into your company profile. Click “show more.”
- Click “Legal and Compliance.”
- Scroll to “Security and Privacy Additional Terms.”
- Review and accept “G Suite / Cloud Identity HIPAA Business Associate Amendment”
- Answer the questions in the popup module and click “Accept.”
And that’s it. (If you do get stuck, here’s a video that walks you through the process.)
With this done, your G Suite is HIPAA secure. From this point on, if you use Google Voice in accordance with HIPAA regulations, it will be HIPAA compliant.
What Does HIPAA Compliance Mean?
Again, just because Google Voice can be HIPAA secure does not mean that it’s necessarily being used in a way that is HIPAA compliant.
HIPAA compliance means that businesses are complying with the regulatory standards outlined in the Health Insurance Portability and Accountability Act of 1996. This act was meant to regulate the lawful use and disclosure of protected health information (PHI) – in other words, patients’ data.
Importantly, HIPAA compliance is not static – it must be culturally embedded and maintained in every business practice. If practices slip, you’re no longer compliant. Make sure your users are trained accordingly.
It’s helpful to read through the legislation to understand what full compliance entails.
Is Google Voice Compliant with Kari’s Law and Ray Baum’s Act?
Additionally, while Google Voice can be HIPAA secure, HIPAA is only one of the acts you’ll need to comply with. If your medical office has phones in multiple rooms, you’ll need to make sure that you’re also compliant with Kari’s Law and Ray Baum’s Act.
These regulations stipulate that calls to 9-1-1 must not require a prefix for dialing (as in dialing “1” or “9” before dialing 9-1-1). They also require that 9-1-1 calls pass granular data (room numbers, etc.) to emergency responders so that, when responding, dispatchers know exactly where the situation is.
If properly configured, Google Voice can be compliant with these regulations as well.
Will Google Voice work for my organization?
With these compliance issues considered, there’s still a larger question to ask: will Google Voice be a good solution for your business?
The answer is that it depends on your needs. Google Voice is most effective in small business settings, where cost efficiency is the main consideration and routing setup is simple. So, for organizations with only a few phone lines, it can work well.
In larger, corporate settings, though, it may not be sufficient.
Tools like auto call distribution, hunt groups, auto-attendant configuration, and more are lacking.
If you’re looking for a HIPAA-compliant solution for a larger or more customized environment, you’ll be better served by working with a provider like Teltek so that you get an office phone system that’s both compliant and built to your needs.
Instead of Google Voice, we believe that the best phone system for most small-to-mid-sized offices is Teltek’s Nebulosity Voice Cloud PBX. It’s a low-cost option that gives access to big-business features such as video conferences, screen sharing, instant messaging, detailed reporting, and collaboration across multiple desks and office locations. Employees can also connect in the office or while on the road via their smartphones without exposing their personal phone numbers in caller ID.
Want Expert Help with Telecom Regulatory Compliance?
Hopefully, this information has been helpful as you consider Google Voice HIPAA compliance and other regulatory requirements.
At Teltek, we equip businesses in the DC and Maryland areas with trusted telephony tools and support. If your business is looking to implement an office phone solution, we can help.
Unlike “big” national providers, we take the time to come onsite to make sure we create the perfect solution for you. And our techs are telecom experts. If you’re ready to stop worrying about whether your systems are compliant under HIPAA and other telecom acts, reach out to us today for a free consult.