Google Drive has stated that it is HIPAA compliant and will sign a Business Associate Agreement (BAA). It offers access control, allowing only authorized personnel to access ePHI, as well as activity logs and audit controls to register any attempts to access ePHI.
Just so you know
Google appears willing to sign a BAA with healthcare companies that use G Suite, but not until all security protocols are in place. Using G Suite to transmit or store PHI before you have the BAA in place is risky.
Healthcare companies have embraced G Suite because of its robust security features and low cost.
Setting up a HIPAA-compliant Gmail account
Simply purchasing G Suite doesn’t make your email HIPAA compliant. To use Gmail, even with G Suite, you must configure your account correctly.