Communication Platforms and HIPAA Compliance

May 6, 2021
In this blog, we’ll walk through 4 of the most popular business communication platforms on the market and how they can be used in a HIPAA-compliant manner.

How to Make Popular Communication Platforms HIPAA Compliant

The ability to easily communicate between team members is important for any organization of any size within any industry. Whether that looks like the boss sending important messages to a certain group regarding team meetings or a quick casual conversation between two coworkers, it helps foster collaboration and connection within an organization. As the trend grows for organizations to operate partially or even fully remotely, the need for a good communication platform increases as well. In this blog, we’ll walk through 4 of the most popular business communication platforms on the market and how (or if) they can be used in a HIPAA-compliant manner. Here we go!

Microsoft Teams

What is Microsoft Teams?

One of the most popular business communication platforms in the industry is Microsoft Teams, which is a useful messaging platform that can integrate with other Microsoft 365 products. Teams offers workplace chat rooms, file storage, video conferencing, and integration with other useful applications. In more than 45 different languages, individuals can meet, chat, call, and collaborate with one another in one place.  

Most commonly, Microsoft Teams is used for team members to communicate in individual chats, group chats, or channels, which can range from strictly professional topics like sales software integrations to casual channels where coworkers can use GIFs and emojis to chat about their weekend plans. In the last year of dealing with the COVID-19 pandemic and a quick transition to working from home, Microsoft Teams has seen a strong increase in the number of organizations and individuals using its platform.

Microsoft Teams & HIPAA Compliance 

Microsoft Teams is a part of Office 365, for which Microsoft has taken steps and undergone independent audits to ensure its security and compliance when partnering with HIPAA-compliant organizations. However, that does not necessarily mean that Microsoft Teams is guaranteed to be HIPAA compliant. Any organization that uses Microsoft Teams in a manner that allows the software access to any form of PHI at any time must sign a business associate agreement (BAA) with Microsoft. Once the BAA is in place, you can trust that both parties are accepting liability for their participation in protecting PHI. You still must be careful to use Teams only in a HIPAA-compliant manner, meaning that it is only used on company encrypted internet, on a device with two-factor authentication and access logs, among other best-practice technical safeguards that should be followed.

Slack

What is Slack?

Slack is an industry-leading business communication platform with various features that improve team communication in a way that is similar to, but more user-friendly than, email or texting. Channels can be created as either public or private, depending on who from the workplace should be involved in certain projects or topic discussions. Some other notable Slack features are the emoji keyboard for message reactions, direct messaging, and the ability to search all content, files, or conversations to refer back to old information when necessary.

Since its launch in 2014, Slack has garnered over 10 million daily users. One of the draws of this software is its integration capabilities with popular third-party services like Google Drive, Zendesk, Dropbox, Zapier, Trello, and others. Although it is clearly widely popular with organizations of all kinds, there is often confusion about whether or not this software is HIPAA compliant. Slack has taken steps to answer this question both logistically and through the information provided on their website.

Slack & HIPAA Compliance 

Although Slack is one of the most popular and widely used team communication platforms, healthcare organizations seeking to choose a software will need to do a deeper level of research on it. Unfortunately, Slack does not guarantee HIPAA compliance with standard usage of the software. Luckily, the upgraded Slack plan, Enterprise Grid, includes all the security capabilities needed to use Slack while remaining HIPAA compliant. However, companies that must comply with HIPAA need to take a few extra steps in order to use Slack while still maintaining the complete security of protected health information. For full details on how to configure Slack to function for healthcare organizations and their HIPAA-compliant needs, read this complete article on the topic.

Workplace from Facebook 

What is Workplace from Facebook? 

Workplace, a Facebook-developed software, is a collaborative product that facilitates instant messaging, video conferencing, online group work, and news sharing. The Workplace homepage looks similar to the Facebook homepage that many are familiar with; however, Workplace accounts are set up and operate entirely separately from personal Facebook accounts.

Workplace from Facebook & HIPAA Compliance

Unlike many of the other platforms on this list, Facebook as a corporation does not have a process for signing BAAs as part of its operations. For this reason, healthcare organizations cannot use Workplace by Facebook as a communication tool in any capacity where PHI has the potential to be shared. If employees are properly trained and it is merely used for business communication and employee engagement purposes, then HIPAA organizations are able to use this software to connect their employees. But that must be under the clear direction that no PHI is ever to interact with this software, because if it does, that is considered a HIPAA breach and should be immediately reported.

Google Hangouts & Google Meet 

What is Google Hangouts? 

Google Hangouts is an all-in-one communications service that enables text, voice, or video chats, either one-on-one or in a group. Hangouts can be integrated with many of Google’s other services and even has an extension for easy onboarding. Hangouts is Google’s free version of this communications software, which is easily accessible to clients who do not require a higher degree of security for their services. Unfortunately, anyone who must comply with HIPAA would not fall into this category and therefore should not use Google Hangouts in any way where PHI may be a part of the conversation.

What is Google Meet? 

Google Meet, or simply “Meet”, is another communications hub that enables text, voice, or video chats that can be used one-on-one or in a group setting. Google Meet is the enterprise package version of Google Hangouts, which can be found as a part of Google Workspace, formerly known as G Suite. Just as with the free version, Meet is fully integrable with many of Google’s other products and services, with an extension for easy onboarding. Meet can be used in groups of up to 250 people and can even live stream to over 100,000 people. However, unlike Hangouts, Google Meet can be a valuable part of your company’s compliance solution, especially if you are utilizing other Google services.

Google Hangouts/Meet & HIPAA Compliance

As we’ve mentioned above, Google Hangouts and Google Meet are essentially the same software. However, since Google has taken the steps to ensure the safety and security of information only on their paid products under Google Workspace, Google Meet is included in this and therefore can be trusted. Aside from being a great communication research tool that is used by many different companies, Google Meet is also a tool that can be used by healthcare professionals due to Google’s willingness to be HIPAA compliant.

However, there is a key thing to note with Google’s HIPAA compliance through their Meet product: their compliance and responsibility to it ONLY covers the chat messaging feature and not the audio or video chatting features. They are willing to sign a BAA in reference to the chat feature. If you are looking to utilize the many features of a communications platform in order to host telehealth appointments, then Google Meet is not a good solution to use. To find more information about the aspects of Google products that HIPAA compliance and BAAs refer to, look here.

