Can healthcare providers and its employees utilize Google Voice? Is this telephony service HIPAA compliant? Google Voice is a service provider of voicemail and voicemail transcription to text. It may be used for delivering text messages free of charge also. With its handy functions, a lot of healthcare pros want to use it not only during work but even for personal uses.
When a service is going to be used with protected health information (PHI), it should first be HIPAA compliant. To become HIPAA compliant, the service should be covered by the conduit exemption rule or it should employ controls and safety measures that meet the HIPAA Security Rule. Google Voice isn’t classified as a conduit such as fax, SMS and email services. Hence we should find out if it meets the prerequisites of the HIPAA Security Rule. The requirements of HIPAA compliance are listed below:
- There should be controls on access and authentication, audit, integrity and message transmission.
- The stored data files on the servers of Google should be secured utilizing the HIPAA standards.
- The service provider should first enter into a business associate agreement (BAA) as a reasonable guarantee.
Google must sign a BAA. Will Google do so? Google is ready to sign a BAA for its collection of services called G Suite, however, Google will not sign a BAA for the free consumer services since these services were designed for the personal use of customers.
Google Voice is not part of G Suite and anyone can use it for free. Therefore, Google Voice isn’t HIPAA compliant. It might be should Google decide to release Google Voice for businesses and willingly signs a BAA. Until then, these requirements must be totally satisfied. Using Google Voice along with any protected health information violates the HIPAA Rules.