Using GSuite in compliance with HIPAA
HIPAA is the Health Insurance Portability and Accountability Act. In short, it requires any organization that handles protected health information (PHI) to act as trustworthy and cyber-secure stewards of that data. Most often people associate this with doctors’ offices. You wouldn’t want your personal health records to be publicly available. Nor would you want your data sold to advertisers to monetize your most private data, likely without your knowledge.
Any organization that will collect or store PHI must be aware of the laws regarding HIPAA and ensure those systems for collection and storage are also HIPAA compliant. Enter GSuite, or Google Workplace, as it is most recently branded. It is fully capable of protecting data within its ecosystem, but your organization must first opt in for this type of protection.
This Google Help Article: HIPAA Compliance with Google Workspace and Cloud Identity has the most up to date information on how to enable these features in your instance. Essentially, you just need to check a box and and answer a couple of simple yes/no questions. Inside the Admin Console, navigate to Account > Account Settings > Legal and Compliance. There you will find Security and Privacy Additional Terms for Cloud Data Processing Addendum to Google Workspace or Cloud Identity Agreement. Review the appropriate clauses and if your organization fits and requires this additional layer of security, click Review and Accept.