Is Google Forms HIPAA compliant?

Published on June 9, 2022

Forms, forms, forms, and more forms…

Your practice management relies on collecting your clients’ health information with forms. 

But do you know if you’re collecting their information securely and in compliance with HIPAA?

If you’re unsure, chances are you’re one of these three practitioners…

Can you relate? You might be looking around for a form service that can better give you what you need. And you might be wondering about Google Forms. 

Google Forms can be HIPAA compliant, but…

Many of you probably have personal Gmail accounts, and it might be tempting to turn to Google as a one-stop-shop for everything.

However, there could be a better choice that you don’t know about yet. 

By the end of this article, you’ll be clear on whether or not Google Forms is a good solution for your practice. 

And if you decide it’s not, don’t worry. We’ll introduce you to an alternative.

Let’s take a look at how you can make Google Forms HIPAA compliant. 

You’ll need to sign up for a Google Workspace account

That’s because Google Workspace (previously called G Suite) comes with a business associate agreement (BAA). HIPAA requires you to have one. We’ll talk more about BAAs in the next section.

The $6-per-month Business Starter option will give you what you need.

$6 plus the cost of a domain. 

If you don’t already have a domain, you’ll need to get one to use Google Workspace.

A domain is the part after the @ symbol in an email address.

You can read about how to get a domain in our blog post Is Gmail HIPAA compliant? Potentially…

Then, you’ll need a signed business associate agreement

Google calls this their business associate amendment, but it’s the same thing. 

A BAA is a legal document that holds Google accountable for complying with HIPAA and protecting your clients’ health information when it’s in their hands. 

To support your HIPAA compliance, you need a BAA for every service provider who might handle protected health information (PHI).

To find the BAA in your Google Workspace account, you’ll have to go through the following steps:

  • Go to admin.google.com and log in to the admin panel
  • From the menu, select Account and then Account settings 
  • Scroll down and click on the Review and Accept button 

You’ll need to answer some questions about your practice before being directed to review and accept the BAA.

Here’s an example of what Google’s BAA looks like:

Finally, adjust your account settings according to Google's HIPAA guide

This mostly involves turning off the apps that their BAA doesn’t cover. However, there’s a lot of valuable information in the guide. We recommend reading through the entire thing at least once. 

Google’s HIPAA Implementation Guide

A Google BAA is key

As we mentioned earlier, a BAA is Google’s agreement to keep any PHI that enters Google Forms protected and secure. 

The apps that Google includes in the BAA are the ones that come with Google Drive (Google Docs, Sheets, Slides, and Forms). 

Some Google Core Services, such as Contacts, aren’t included in the BAA. If you plan to use Google Forms along with Gmail, you must be aware of this issue since Contacts is closely linked. 

Other services offered by Google, such as YouTube, Blogger, and Google Photos, are also not included under the BAA. 

Google’s HIPAA Guide instructs you to disable any services that aren’t included in the BAA, so someone doesn’t accidentally use them with sensitive data.

Plan on using Gmail with Google Forms? Be sure to read our blog post Is Gmail HIPAA compliant? Potentially…

The benefits of Google Forms

You’re already familiar with Google. Google’s a household name, after all. And “familiar” is often interpreted as “trusted.” 

It’s also a plus that Workspace comes with many other Google apps to use in your practice. Not just forms but email, contacts, spreadsheets, and slides. 

However, just because something’s familiar and offers extra tools doesn’t mean it’s the best solution. 

Google offers a lot, and it’s tempting to dive in and use it all. But don’t forget… 

Google’s BAA doesn’t cover everything (Contacts, for example). Anything not covered by the BAA isn’t HIPAA compliant. 

The downside to Google Forms

Google might do regular email very well and offer useful tools, such as forms, suitable for many professions. 

However, Google isn’t necessarily the best choice for all professions. Healthcare’s one of those. 

No healthcare forms

As you know, healthcare requires very specific forms so you can make sure you’re collecting the right information. Form templates give you something ready-made that you can use as-is or modify to suit your practice. 

Google doesn’t provide any healthcare templates in its template gallery. 

That’s right. All those intake forms, Good Faith Estimate forms, screening forms… Google offers none of them.

Here are the templates Google offers for work. As you can see, they aren’t much help for a healthcare practice.

Requires you to create all your forms from scratch

If you think you can sign up for Google Workspace and start sending forms to your clients right away, think again. Without healthcare templates, you have to create all of your forms from scratch. 

That means painstakingly typing in (or copying and pasting) each question, making sure there are no typos, ensuring it looks professional, etc. That could take a while!

No templates to help with changing healthcare laws

When the No Surprises Act went into effect, practitioners had to find or create a Good Faith Estimate form that met the requirements. 

Practitioners who had a GFE template to use were able to quickly comply with the law. But they didn’t find one in Google’s selection of templates. 

Because Google Forms wasn’t made for healthcare, it’s unlikely you’ll ever find a template to help you deal with healthcare laws.

No special healthcare features

Google Forms does offer templates, but they’re limited. And they don’t include special features that are helpful in healthcare, such as body charts. Body charts are useful for a variety of specialties (e.g., physical therapy, chiropractic) because they allow clients to pinpoint areas of pain and discomfort. They can even be used by behavioral health therapists in CBT homework.

No questionnaires that calculate a score

They also don’t provide any self-administered questionnaires that calculate a score for you. These forms are helpful because they allow you to quickly assess your client. If you use the PHQ-9 often to screen your clients for depression, scoring by hand can be quite time-consuming. These questionnaires give you back that time.

No e-signatures right out of the box

Google Forms doesn’t automatically let you sign forms electronically with legally binding signatures. You can add this feature, but that requires another app. One that isn’t covered under Google’s BAA and could be time-consuming to set up. 

Need to purchase a domain

Google Workspace requires that you own a domain, and most domain names will cost you between $12-$60/year. This may or may not be a problem for you. If you have your own website, you can use that domain. But if you don’t, figuring out a domain for your practice might be more than you want to deal with right now. 

There’s a better option: try Hush™ Secure Forms

Google Forms might be great for many people, but it’s not great for healthcare practitioners.

There are much better options that were created with healthcare in mind.

One of them is Hush™ Secure Forms, which gives you healthcare-specific templates (e.g., health screenings) and features like body charts. You can also add legally binding e-signatures.

At Hushmail, we train our support staff so they can handle issues specific to healthcare. Just a phone call, email, or chat message will connect you with a real person.

You’re free to use your own domain if you have one. Or you can use domains like @therapysecure.com, @counselingmail.com, and a few others for free.

Let’s take a look at how Hush™ Secure Forms and Google Forms compare.

| Feature | Hush™ Secure Forms | Google Forms |
| --- | --- | --- |
| BAA | | |
| Healthcare templates (such as intake forms) | ✅ | |
| Specialized healthcare templates (such as the PHQ-9 that calculates a score) | ✅ | ❌ |
| Body charts | ✅ | ❌ |
| Support specifically trained for healthcare | ✅ | ❌ |
| Built-in legally binding e-signatures | | ❌ |
| Free domain options | | ❌ |
| Find out more | Hush™ Secure Forms | Google Forms |

 

Also, Hush™ Secure Forms works seamlessly with our HIPAA-compliant email and is covered by the same BAA. They both keep your clients’ personal health information safe.

Conclusion: So is Google Forms HIPAA compliant?

Google Forms can be HIPAA compliant as long as you take steps to make it secure. However, the forms aren’t very good in a healthcare setting. 

You'll spend extra time creating and managing the forms you need. That's more admin time and less time with clients. 

It’s much easier to use a service like Hush™ Secure Forms that was specifically created with healthcare practitioners in mind.

So…

Now that we’ve reached the end of the post, how do you feel? 

Is Google Forms your best choice, or do you want something more healthcare oriented?

If you’ve decided that Hush™ Secure Forms is what you need for your practice, we’d be happy to get you set up today. 

Find out more about Hush Secure Forms
