Standards, regulations & certifications

To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We're constantly working to expand our coverage.

This site contains information about Google's certifications and the compliance standards it satisfies, as well as general information about certain region- or sector-specific regulations.


Protecting health information.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that established data privacy and security requirements for certain entities and individuals aimed at safeguarding individuals' health information.

HIPAA mandates privacy and security protections for protected health information (PHI) and applies to individuals and entities that meet the definition of “covered entities” or “business associates” under HIPAA.

See more details about Google Cloud Platform compliance with HIPAA and G Suite compliance with HIPAA.

Google Cloud products that can be used by customers subject to HIPAA:

Customers who are subject to HIPAA and want to utilize any Google Cloud products in connection with PHI must review and accept Google's Business Associate Agreement (BAA). Not all Google Cloud products are designed to comply with HIPAA and only certain specified products are covered under the BAA. Google ensures that the Google products covered under the BAA have completed the ISO and SOC certifications.

The Google Cloud Platform BAA covers GCP’s entire infrastructure (all regions, all zones, all network paths, all points of presence), and the following products:

Google Cloud Platform:
Cloud Identity
G Suite:

Please see HIPAA included functionality for the G Suite BAA.