Lately we’ve been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. WhatsApp, which was bought by Facebook in 2014, is a hugely popular secure messaging service.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
The purpose of this post is to determine if WhatsApp offers HIPAA compliance or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
WhatsApp is a freeware and cross-platform instant messaging service for smartphones. Its user base grew to more than 1 billion active users by February 2016.
Facebook acquired WhatsApp in 2014 for an astounding $19.3 billion.
WhatsApp and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
Since WhatsApp is now part of Facebook, we checked the websites of both Facebook and WhatApp for mentions of their capabilities on HIPAA compliance for WhatsApp.
For our Facebook search, we keyed in on their:
We could not find any mention of HIPAA or Business Associate Agreement in any of these key resources.
Next, we did the same search on WhatsApp. Their legal docs were bundled into a single page:
We could not find any mention of HIPAA or Business Associate Agreement there either.
The Promise of WhatsApp and HIPAA
There have been several thoughtful articles written about using WhatsApp in healthcare:
- Why WhatsApp Could Be A Game-Changer for American Health Care [Fortune]
- Here’s how WhatsApp could disrupt healthcare [Business Insider]
- Under the weather? Whatsapp your doctor [Gadgets Now]
The key takeaways from each article are:
- WhatsApp is popular in healthcare for some countries, but not the U.S.
- WhatsApp is not currently HIPAA compliant.
Does WhatsApp Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
Since we could not find a single mention of HIPAA compliance or Business Associate Agreement on both Facebook and WhatsApp’s sites, we are left to conclude WhatsApp is not HIPAA compliant.
Conclusion: WhatsApp is not HIPAA compliant.