HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that it is important to properly showcase your organization while remaining safe and HIPAA compliant.
Today, we will determine if YouTube is HIPAA compliant or not.
YouTube is currently the second most visited website (after Google) with more than 2 billion monthly users. A large part of its growth came from Google expanding YouTube into mobile applications and television/movies.
The platform easily links to and from other services, such as social media. Moreover, Google and other search engines tend to show videos frequently in searches.
YouTube and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI.
In this instance, YouTube is a business associate for a healthcare organization if it handles PHI.
Google will sign a BAA for some of its products, but not YouTube. Furthermore, YouTube does not list a BAA on any of the Google security web pages or on its website.
Moreover, a Google HIPAA document affirms, “Any Core Services not listed . . . may not be used . . . with PHI.” YouTube is not listed.
YouTube, data protection, and HIPAA marketing
Google utilizes encryption and has several physical layers of security around its data centers. User access is controlled through two-factor authentication, but once signed in, a device can stay signed in to an account.
And according to a YouTube data web page, signed-in activity (e.g., watch and search history) is saved to a Google account. However, account holders can control the settings as needed.
YouTube is part of Google’s AdSense program, which generates revenue from targeted ads for both the advertiser and where the content is shown.
As a leader in PPC advertising, Google has firm rules when it comes to healthcare ads and does not utilize retargeting.
Is YouTube HIPAA compliant?
The BAA is a key component of HIPAA compliance, and YouTube does not appear to offer a BAA.
Unfortunately, if a breach or HIPAA violation occurs and any PHI is visible, the covered entity is liable.
YouTube is not HIPAA compliant.