Tool compliance guides
Is your tech stack HIPAA compliant?
Most workplace tools can be made HIPAA compliant — but only on the right plan, with the right settings, and a signed BAA. The default configuration is almost never enough. These guides cover exactly what each tool requires.
Zoom
Yes — with Zoom for Healthcare or Business+ plan, signed BAA, and configured settings.
Gmail
Free Gmail: No. Google Workspace with BAA and admin configuration: Yes.
Google Workspace
Yes — on paid plans with a signed BAA and proper admin settings.
Microsoft Teams
Yes — with Microsoft 365 Business/Enterprise plan, BAA, and admin configuration.
Dropbox
Only Business/Enterprise plans with a signed BAA. Free, Plus, and Family: No.
Slack
Only Enterprise Grid. Free, Pro, and Business+: No BAA available.
Faxing
Traditional analog fax: Yes. Cloud fax and email-to-fax: Only with BAA and encryption.
AWS
Yes — with a signed BAA and HIPAA-eligible services properly configured. Patient Protect runs on AWS.
Voicemail
Leaving voicemails is allowed. But cloud voicemail systems need a BAA, and message content must follow minimum necessary rules.
Standard email: No. HIPAA compliant email requires encryption, BAA, access controls, and DLP.
A tool being HIPAA compliant does not make your practice compliant.
Configuring Zoom, Gmail, or Dropbox for HIPAA compliance is one layer of your security posture. You still need a risk assessment, policies and procedures, workforce training, vendor BAA management, incident response procedures, and continuous monitoring across every system that touches patient data.
Patient Protect tracks your full compliance posture — not just individual tools. Risk assessment, policy generation, training tracking, vendor management, and real-time compliance scoring in one platform. Starting at $39/month.
