BBAA Atlas

Is Google Cloud Platform (GCP) HIPAA compliant?

Cloud infrastructure · vendor site ↗

Signs a BAAPHI with conditionsSOC 2 Type II
Will Google Cloud Platform (GCP) sign a HIPAA BAA?
Yes — Google Cloud Platform (GCP) will sign a HIPAA Business Associate Agreement (BAA).
Google enters into Business Associate Agreements with customers as necessary under HIPAA; the BAA is executed via the Cloud console/support and covers Google Cloud's entire infrastructure (all regions, zones, points of presence) at no extra cost across 80+ HIPAA-eligible products.
PHI eligibility
PHI may be stored and processed only after executing the Google Cloud BAA and using exclusively BAA-covered, generally-available services; pre-GA offerings must not handle PHI and the customer configures the environment to HIPAA requirements.
SOC 2
SOC 2 Type II
Trust center
cloud.google.com
Sub-processors
cloud.google.com
Notes
BAA covers 80+ HIPAA-eligible products (Compute Engine, Cloud Storage, BigQuery, Cloud SQL, GKE, Cloud Healthcare API, Vertex AI, etc.). No region restriction; same pricing as non-HIPAA customers. No HHS HIPAA certification exists; compliance is a shared responsibility.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Google Cloud Platform (GCP) before storing PHI.

Get notified when this changes

We track Google Cloud Platform (GCP)'s BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Google Cloud Platform (GCP)

Yes — Google Cloud Platform (GCP) will sign a HIPAA Business Associate Agreement (BAA).

Request routeBy request — via trust center or support
  1. 1
    Confirm your account is covered
    Google enters into Business Associate Agreements with customers as necessary under HIPAA; the BAA is executed via the Cloud console/support and covers Google Cloud's entire infrastructure (all regions, zones, points of presence) at no extra cost across 80+ HIPAA-eligible products.
  2. 2
    Request the Business Associate Agreement
    Google Cloud Platform (GCP) provides the BAA on request. Open a request through Google Cloud Platform (GCP)'s trust center and ask for the current Business Associate Agreement covering your plan.
  3. 3
    Confirm what PHI is allowed before you store any
    PHI may be stored and processed only after executing the Google Cloud BAA and using exclusively BAA-covered, generally-available services; pre-GA offerings must not handle PHI and the customer configures the environment to HIPAA requirements. Match your configuration to this scope before putting protected health information into Google Cloud Platform (GCP).
Before you sign — watch for
  • The BAA may be US-only or region-specific — non-US teams should ask for the equivalent agreement.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Google Cloud Platform (GCP) before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Google Cloud Platform (GCP) sign a HIPAA Business Associate Agreement (BAA)?
Yes — Google Cloud Platform (GCP) will sign a HIPAA Business Associate Agreement (BAA). Google enters into Business Associate Agreements with customers as necessary under HIPAA; the BAA is executed via the Cloud console/support and covers Google Cloud's entire infrastructure (all regions, zones, points of presence) at no extra cost across 80+ HIPAA-eligible products.
Is Google Cloud Platform (GCP) HIPAA compliant?
Google Cloud Platform (GCP) can be used in a HIPAA-compliant way: it signs a Business Associate Agreement (BAA), which HIPAA requires before you process PHI with a vendor. PHI may be stored and processed only after executing the Google Cloud BAA and using exclusively BAA-covered, generally-available services; pre-GA offerings must not handle PHI and the customer configures the environment to HIPAA requirements.
Can you store PHI (protected health information) in Google Cloud Platform (GCP)?
PHI may be stored and processed only after executing the Google Cloud BAA and using exclusively BAA-covered, generally-available services; pre-GA offerings must not handle PHI and the customer configures the environment to HIPAA requirements.
Is Google Cloud Platform (GCP) SOC 2 certified?
Google Cloud Platform (GCP) reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Google Cloud Platform (GCP)?
Google Cloud Platform (GCP) provides the BAA on request. Open a request through Google Cloud Platform (GCP)'s trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Google Cloud Platform (GCP) before storing PHI.
What plan do I need to sign a BAA with Google Cloud Platform (GCP)?
Google enters into Business Associate Agreements with customers as necessary under HIPAA; the BAA is executed via the Cloud console/support and covers Google Cloud's entire infrastructure (all regions, zones, points of presence) at no extra cost across 80+ HIPAA-eligible products.

Sources

HIPAA Compliance on Google Cloud
https://cloud.google.com/security/compliance/hipaa
Supports: Google signs BAAs covering its entire infrastructure; PHI permitted on covered services after BAA; no region limits; 80+ covered productsdated: 2026-05-15
SOC 2 compliance — Google Cloud
https://cloud.google.com/security/compliance/soc-2
Supports: Google Cloud only issues SOC 2 Type II reports, available via Compliance Reports Managerdated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Google Cloud Platform (GCP) before processing protected health information.

Check another vendor

Amazon Web Services (AWS)Signs a BAADigitalOceanBAA on select plansMicrosoft AzureSigns a BAAActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plans

See all HIPAA compliant cloud infrastructure & hosting
Browse all 105 vendors by category →