Google Calendar has affirmed that it enables HIPAA compliance and that access, security, and audit controls ensure the safety of protected health information (PHI).
Google Calendar is a service offered through Google Workspace (formerly G Suite) that makes it easy for users to track appointments and manage their schedules. This tool appears to ensure the safety of PHI, as long as you configure the security, access, and audit settings to prevent the disclosure or misuse of PHI.
The default settings in Google Calendar share all information with team members in your domain. Security features allow you to set meetings that involve PHI to “Private” to maintain confidentiality. This setting shows the time as “Busy” without disclosing information about the meeting. With proper privacy settings, the program won’t include PHI, such as the title and description, in the meeting details.
Covered entities should be on a paid Google Workspace Business or Enterprise plan. Paid plans give users the option to manage Google Calendar security controls to meet HIPAA requirements.