Google Workspace HIPAA Checklist
Audit your Google Workspace configuration for HIPAA compliance. Select the Google services you use, check 30 configuration items, and get a personalized compliance score with prioritized remediation steps.
Is Your Google Workspace HIPAA Compliant?
Google Workspace can be configured for HIPAA compliance, but it doesn't come that way out of the box. Many therapists and clinicians sign a BAA with Google and assume they're covered — but there are dozens of admin settings that need to be locked down.
Common mistakes include:
- Signing the BAA but never adjusting sharing or access settings
- Leaving link sharing set to "Anyone with the link" in Drive
- Not enforcing 2-factor authentication for all users
- Allowing external chat or Meet guests without restrictions
This checklist walks you through the critical configuration items for each Google service you use, so you can verify your setup is actually compliant.
Start Your Google Workspace HIPAA Audit
Select your Google services, then review 30 configuration items across 5 categories.
How This Tool Works
- Select your services — Choose which Google Workspace services your practice uses (Gmail, Drive, Meet, etc.)
- Review each item — Go through the checklist category by category. Items that don't apply to your selected services are shown as grayed out.
- Get your results — See your compliance score, category breakdown, and a prioritized action plan.
Response Types:
- Most items are Yes/No (in place or not)
- Some items offer Yes / No / Partially / Not Sure: "Partially" counts as 50% credit; "Not Sure" counts as 0 but is flagged separately in your action plan
Score Thresholds:
- 90%+ Excellent — Strong compliance configuration
- 75-89% Good — Minor gaps to address
- 50-74% Needs Work — Significant configuration gaps
- Below 50% At Risk — Prioritize immediate action
Tip: If you're not sure about an item, select "Not Sure" — your action plan will tell you exactly where to check.
Official Resources
- Google Workspace HIPAA Implementation Guide: Google's official guide for configuring Workspace for HIPAA compliance
- Google BAA for Workspace: Google's Business Associate Agreement terms and covered services
- Google Workspace Security Best Practices: Google's recommended security checklist for admins
- HHS HIPAA for Professionals: Official HHS guidance on HIPAA requirements
- HIPAA Security Rule Guidance: Technical guidance on implementing HIPAA security requirements