BBAA Atlas

Is Google Workspace HIPAA compliant?

Productivity suite · vendor site ↗

BAA on select plansPHI with conditionsSOC 2 Type II
Will Google Workspace sign a HIPAA BAA?
Sometimes — Google Workspace signs a HIPAA BAA only on specific plans or add-ons.
Google offers a HIPAA BAA to any paid Workspace/Cloud Identity customer via the Admin console (not free consumer Gmail), covering only services on the HIPAA Included Functionality list.
PHI eligibility
PHI may be stored in covered services after electronically accepting the BAA in the Admin console and configuring controls; only services on the HIPAA Included Functionality list are in scope and third-party add-ons are excluded.
SOC 2
SOC 2 Type II
Trust center
workspace.google.com
Sub-processors
workspace.google.com
Notes
Available across paid editions; Enterprise editions recommended for DLP/audit controls. Certain Gemini features are now on the Included Functionality list.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Google Workspace before storing PHI.

Get notified when this changes

We track Google Workspace's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Google Workspace

Sometimes — Google Workspace signs a HIPAA BAA only on specific plans or add-ons.

Request routeSelf-serve — enable it in your account
  1. 1
    Get on a qualifying plan
    Google offers a HIPAA BAA to any paid Workspace/Cloud Identity customer via the Admin console (not free consumer Gmail), covering only services on the HIPAA Included Functionality list.
  2. 2
    Request the Business Associate Agreement
    Google Workspace lets you obtain the BAA without a sales call. Follow the path named in the plan requirement above — typically an in-product toggle or a billing / compliance settings page — then request and accept the agreement from your own account.
  3. 3
    Confirm what PHI is allowed before you store any
    PHI may be stored in covered services after electronically accepting the BAA in the Admin console and configuring controls; only services on the HIPAA Included Functionality list are in scope and third-party add-ons are excluded. Match your configuration to this scope before putting protected health information into Google Workspace.
Before you sign — watch for
  • No BAA on the free / consumer tier — you must be on a qualifying paid plan first.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Google Workspace before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Google Workspace sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Google Workspace signs a HIPAA BAA only on specific plans or add-ons. Google offers a HIPAA BAA to any paid Workspace/Cloud Identity customer via the Admin console (not free consumer Gmail), covering only services on the HIPAA Included Functionality list.
Is Google Workspace HIPAA compliant?
Google Workspace can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). PHI may be stored in covered services after electronically accepting the BAA in the Admin console and configuring controls; only services on the HIPAA Included Functionality list are in scope and third-party add-ons are excluded.
Can you store PHI (protected health information) in Google Workspace?
PHI may be stored in covered services after electronically accepting the BAA in the Admin console and configuring controls; only services on the HIPAA Included Functionality list are in scope and third-party add-ons are excluded.
Is Google Workspace SOC 2 certified?
Google Workspace reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Google Workspace?
Google Workspace lets you obtain the BAA without a sales call. Follow the path named in the plan requirement above — typically an in-product toggle or a billing / compliance settings page — then request and accept the agreement from your own account. Confirm current terms directly with Google Workspace before storing PHI.
What plan do I need to sign a BAA with Google Workspace?
Google offers a HIPAA BAA to any paid Workspace/Cloud Identity customer via the Admin console (not free consumer Gmail), covering only services on the HIPAA Included Functionality list.

Sources

HIPAA Compliance with Google Workspace and Cloud Identity
https://knowledge.workspace.google.com/admin/compliance/hipaa-compliance-with-google-workspace-and-cloud-identity
Supports: BAA acceptance process; Included Functionality scope; paid plans onlydated: undated
Google Workspace HIPAA Business Associate Amendment
https://workspace.google.com/terms/2015/1/hipaa_baa/
Supports: BAA terms and customer obligationsdated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Google Workspace before processing protected health information.

Check another vendor

Microsoft 365 (Office 365)BAA on select plansActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plans

See all HIPAA compliant docs & collaboration tools
Browse all 105 vendors by category →