Vendor BAA Guide

Does Google Cloud Platform Sign a HIPAA Business Associate Agreement?

Q: Does Google Cloud sign a HIPAA BAA?

Yes — Google Cloud Platform (GCP) signs a HIPAA BAA that customers can accept online through the Google Cloud Console. No sales call is required. The BAA covers a broad set of GCP services including Compute Engine, Cloud Storage, BigQuery, Cloud SQL, GKE, and Cloud Functions.

Q: How do I accept the GCP HIPAA BAA?

To accept the Google Cloud HIPAA BAA, navigate to your Google Cloud Console, go to IAM and Admin, then Compliance, and find the Business Associate Agreement section. You can review and accept the BAA directly in the console without contacting Google sales.

Q: Which Google Cloud services are HIPAA eligible?

HIPAA-eligible GCP services include Google Compute Engine, Cloud Storage, BigQuery, Cloud SQL, Google Kubernetes Engine, Cloud Functions, Cloud Run, Pub/Sub, Cloud Healthcare API, and many others. Google publishes a full list at their compliance documentation. Always check the current list before deploying PHI to a new service.

Q: Is Google Cloud or AWS better for HIPAA workloads?

Both Google Cloud and AWS are mature, HIPAA-eligible cloud platforms with comprehensive BAAs. The choice typically comes down to existing technology stack, team expertise, and specific service requirements. GCP offers the Cloud Healthcare API and strong data analytics capabilities; AWS has the largest ecosystem of healthcare-specific services and HIPAA-eligible offerings.

By BAA Generator Editorial · Published Apr 19, 2026 · Last reviewed Apr 19, 2026 · 5 min read

Key Takeaways

✓ Yes — GCP signs a HIPAA BAA accepted online via the Google Cloud Console
✓ No sales call required — the BAA is accepted through the console
✓ Covered services include Compute Engine, Cloud Storage, BigQuery, GKE, Cloud Healthcare API
✓ Not all GCP services are HIPAA eligible — check Google's current eligible services list

Direct answer: Yes — Google Cloud Platform signs a HIPAA BAA that customers accept online through the Google Cloud Console — no sales call required. The BAA covers a broad set of GCP services. Not all GCP services are covered; always check Google's HIPAA-eligible services list before processing PHI in any service. Verify current terms at cloud.google.com.

How to Accept the GCP HIPAA BAA

One of GCP's major advantages over some competitors: you can accept the HIPAA BAA entirely online without contacting a sales representative. The process:

Step 1: Sign in to your Google Cloud Console
Step 2: Navigate to IAM and Admin > Compliance (or search for "Business Associate Agreement")
Step 3: Review the Google Cloud HIPAA BAA
Step 4: Accept the BAA on behalf of your organization
Step 5: Document the acceptance date and retain records for your HIPAA compliance program

This self-service process makes GCP accessible for smaller healthcare organizations and startups that do not have enterprise sales relationships established.

HIPAA-Eligible Google Cloud Services

GCP Service	HIPAA Eligible?	Common Healthcare Use
Google Compute Engine	Yes	Healthcare application hosting
Cloud Storage	Yes	DICOM imaging storage, document storage
BigQuery	Yes	Population health analytics
Cloud SQL	Yes	Relational databases for patient data
Google Kubernetes Engine	Yes	Containerized healthcare applications
Cloud Functions	Yes	Serverless event-driven workflows
Cloud Run	Yes	Containerized API hosting
Cloud Healthcare API	Yes	FHIR, HL7v2, DICOM data management
Pub/Sub	Yes	Real-time health event streaming
Google Maps Platform	No	Not HIPAA eligible; avoid for PHI

Important: Not All GCP Services Are HIPAA Eligible

A common compliance mistake: deploying PHI to a GCP service that is not on Google's HIPAA-eligible list. Even with a BAA accepted, Google's BAA only covers the specific services listed. If PHI flows through an ineligible service, you are potentially in violation.

Before building any new component of a healthcare application on GCP, verify the specific service is on Google's current HIPAA-eligible services list. Google updates this list periodically as new services complete their compliance review.

GCP vs. AWS vs. Azure for HIPAA Healthcare Workloads

All three major cloud providers offer HIPAA BAAs and strong HIPAA-eligible service catalogs. The comparison:

GCP: Strong self-service BAA acceptance; excellent data analytics (BigQuery); Cloud Healthcare API is purpose-built for FHIR/HL7/DICOM
AWS: Largest ecosystem; most HIPAA-eligible services; AWS Marketplace has the most healthcare ISV solutions
Azure: Strongest Microsoft 365 integration; good for organizations already in the Microsoft ecosystem; Azure API for FHIR

Also see our related guide: Does Google Workspace sign a HIPAA BAA?

Frequently Asked Questions

Does Google Cloud sign a HIPAA BAA?

Yes — GCP's HIPAA BAA is accepted online through the Google Cloud Console. No sales call required. The BAA covers Compute Engine, Cloud Storage, BigQuery, Cloud Healthcare API, and many other services.

How do I accept the GCP HIPAA BAA?

Navigate to IAM and Admin in the Google Cloud Console, find the Business Associate Agreement section, and accept it online. No sales interaction required.

Which Google Cloud services are HIPAA eligible?

Major eligible services include Compute Engine, Cloud Storage, BigQuery, Cloud SQL, GKE, Cloud Functions, Cloud Run, Pub/Sub, and Cloud Healthcare API. Always check Google's current HIPAA-eligible services list before deploying PHI to any new service.

Is Google Cloud or AWS better for HIPAA workloads?

Both are mature platforms with strong HIPAA support. GCP excels in data analytics and offers the Cloud Healthcare API; AWS has the largest service catalog and healthcare ISV ecosystem. Choose based on your technical requirements and team expertise.

For a broader look at which vendors sign HIPAA BAAs, see our vendor BAA lookup guide.

Note: Vendor BAA policies change. Verify current terms directly with Google Cloud before making compliance decisions.

Need your side of the BAA?

Google Cloud provides their BAA — but you still need to execute BAAs with all your other vendors. Generate one in minutes.

Generate BAA for Free →