Is Facebook HIPAA compliant? (Update 2024)

Facebook, owned by Meta Platforms, is a social media platform for personal and professional communication, sharing updates and photos, and engaging in groups and events. With Facebook, users can connect with friends, family, and communities, share various content types, and participate in real-time communication. 

Is Facebook HIPAA compliant? No, based on our research, Facebook may not be HIPAA compliant.

Will Facebook sign a business associate agreement (BAA)?

No, Facebook will not sign a business associate agreement (BAA), and therefore, it is not HIPAA compliant. A BAA ensures that a platform meets HIPAA requirements, particularly concerning the handling and security of protected health information (PHI). Without this agreement, any PHI shared on Facebook is not secured under HIPAA regulations, posing significant risks for healthcare entities.

Conclusion

Facebook does not sign a BAA and may therefore not be HIPAA compliant.

Learn more: HIPAA Compliant Email: The Definitive Guide

FAQs

What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. This agreement aims to ensure the proper protection of personal health information (PHI) as required by HIPAA regulations.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI). HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.