Skip to main content
Skip table of contents

Google Workspace and HIPAA Compliance

Google Workspace is UNC Asheville's supported and approved platform for storing Personal Health Information (PHI). UNC Asheville has signed a Business Associate Amendment with Google, making most core Google services HIPAA compliant.

Core Google services where PHI may be stored

The following core Google services are approved for the storage of Personal Health Information (PHI).

  • Gmail 
  • Calendar 
  • Drive (including Docs, Sheets, Slides, and Forms) 
  • Tasks 
  • Keep 
  • Sites 
  • Jamboard 
  • Hangouts classic (chat messaging feature only) 
  • Chat 
  • Meet 
  • Google Groups

Core Google services where PHI may not be stored

Do not store Personal Health Information (PHI) in the following core Google service.

  • Contacts

Consumer Google services

Consumer Google services are not approved for the storage of Personal Health Information (PHI). These include, but are not limited to: YouTube, Google Photos (the specific service named Photos; this does not apply to photographs stored in Google Drive), Google Play, Scholar, etc.

Do not store Personal Health Information (PHI) in any service not listed under the "Core Google services where PHI may be stored" heading above.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close