Modern business solutions are making our office lives more convenient on an almost daily basis, as well as fundamentally changing the way we transmit and store our most vital information.

Google Apps and Office 365 are each, in their own right, amazing tools for efficient data sharing and document collaboration, but as technology continues its steady advance into everyday life, data security is becoming a primary concern, particularly in the healthcare space.

Am I HIPAA compliant with Google Apps or Office 365?


If any of the data your business will be handling is classified as Protected Health Information (PHI), you’ll need to ensure that your chosen platform’s security levels are robust enough to meet HIPAA standards. So the question is: am I HIPAA compliant with Google Apps or Office 365? The short answer: yes, but you may need to take action first.

For Google Apps users: to be on your way to full compliance, you’ll simply need your platform administrator to file a Business Associate Agreement (BAA) with Google. Google’s HIPAA compliance is able to extend to Gmail, Google Calendar, Google Drive, and Google Apps Vault services, but action on your part (or your admin’s) is required. Note that Google excludes its legacy free accounts (those Google Apps accounts offered to customers prior to December 2012, also known as “standard accounts”) from filing a BAA, so the unfortunate news is that if you’re lucky enough to be using a free Google Apps account, you’ll be forced to pay for this additional layer of data security compliance. More detailed information on Google’s security policies and certifications can be found here.

Please remember: it’s important that you file a BAA before beginning to work with PHI data to ensure compliance, and it is your responsibility to determine whether or not HIPAA regulations apply to you.


For Microsoft Office 365 users: Congratulations! You are already HIPAA-compliant and can access your Microsoft-notarized BAA here. Microsoft prides itself on being the “first major business productivity public cloud service provider to sign requirements for the HIPAA BAA with all customers.” More detailed information about Microsoft’s security policies and certifications can be found here.

The great news is that both Google and Microsoft take PHI data security and HIPAA compliance very seriously and will work with your administrator to ensure that you are fully protected and up to code. Also, if you need more information or advice, we’re more than happy to help! Please don’t hesitate to contact Bi101 for a free consultation on your specific needs with Google or Microsoft!
