HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that it is important to correctly communicate with other providers and patients while remaining HIPAA compliant.
SEE ALSO: HIPAA compliant email
Today, we will determine if Workplace is HIPAA compliant or not.
Launched in 2016, Workplace from Facebook (now Meta) is a communication tool that connects groups of people, even if remotely. Facebook is the world’s largest social network with over 3 billion active users; more than half of them log on every day.
RELATED: Is Facebook HIPAA compliant?
Workplace facilitates online group work, instant messaging, video conferencing, and news sharing in a collaborative environment.
Facebook discontinued its free accounts for Workplace in February 2021. Pricing plans depend on the number of viewers with add-ons available.
Workplace and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.
Similar to other social media platforms, Facebook will not sign a BAA with covered entities.
Moreover, a paragraph in its Workplace Online Terms states, “With regard to health information, you acknowledge that Facebook is not a Business Associate or subcontractor (as those terms are defined in [HIPAA] and that Workplace is not HIPAA compliant.”
Workplace and cybersecurity
As emphasized in the online terms, customers “agree not to submit to Workplace any information or data that is subject to safeguarding and/or limitations on distribution pursuant to applicable laws and/or regulation.”
Nevertheless, Facebook uses strong cybersecurity measures to ensure customer data remains confidential. This includes password management, user access management, and encryption of the network as well as data in transit.
Moreover, its Workplace Security Guide states that Workplace utilizes three principles when it comes to security.
- You own your data
- Strict controls on data access
- Workplace and Facebook are separate platforms
Is Workplace HIPAA compliant?
The BAA is a key component of HIPAA compliance and Facebook does not sign a BAA and states that Workplace is not HIPAA compliant.
Workplace is not HIPAA compliant.