Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

Is Yammer HIPAA compliant? (Update 2024)

Is Yammer HIPAA compliant? (Update 2024)

As a social networking and collaboration tool, Yammer offers healthcare organizations the opportunity to streamline communication and improve collaboration among employees. However, when it comes to sharing electronic protected health information (ePHI), a critical question arises: Is Yammer HIPAA compliant? Our initial research suggests it can be HIPAA compliant.

 

What is Yammer?

Yammer is a social networking and collaboration platform that was acquired by Microsoft in 2012. Yammer offers a unique feature: private communications. Companies can use Yammer exclusively for internal purposes or extend its use to communication with customers and business associates. Users can engage in chats, and share photos, documents, and other files, making it a versatile tool for collaboration.

 

Yammer and Business Associate Agreements (BAAs)

Under the Health Insurance Portability and Accountability Act (HIPAA), any software or service that handles protected health information (PHI) on behalf of a covered entity is considered a business associate. Business associates are required to sign a business associate agreement, which outlines their responsibilities and obligations regarding PHI protection.

Given Yammer’s functionalities, such as private communication, it's probable that it would be considered a business associate when utilized in healthcare environments.

Upon reviewing Yammer’s official documentation, we found that since Yammer’s acquisition by Microsoft, it has been covered by its Office 365 enterprise BAA. This commitment demonstrates Yammer's dedication to HIPAA compliance and its understanding of the importance of protecting PHI.

 

Yammer and data security

When Microsoft acquired Yammer, they recognized the importance of meeting HIPAA security standards to ensure the platform's suitability for healthcare organizations. Yammer prioritizes data protection through a multi-layered security infrastructure. It implements various security measures to ensure the confidentiality, integrity, and availability of user data.

Some notable security features offered by Yammer include:

  • Encryption: Yammer employs advanced encryption techniques utilizing AES 256-bit key encryption to protect sensitive data, such as PHI.
  • Access controls: Yammer implements strict access controls to limit data access to authorized individuals as well as guaranteeing logical separation and privacy of data between different organizations. 
  • Auditing and monitoring: Yammer incorporates detailed activity logs that enable administrators to monitor platform usage and conduct audits on users, admins, groups, files, and network settings.

 

Is Yammer HIPAA compliant?

Based on our analysis, Yammer demonstrates a commitment to data security through its multi-layered security infrastructure, encryption techniques, access controls, and auditing capabilities. Their willingness to sign a business associate agreement (BAA) further reinforces their compliance with HIPAA standards. Therefore, Yammer can be considered HIPAA compliant.

 

Understanding HIPAA Compliance:

HIPAA compliance extends beyond just technical safeguards and software solutions. When evaluating a tool's or service's compliance, consider the following:

  • Technical Safeguards: While tools like Yammer play a crucial role, other technical measures, such as HIPAA compliant email, are equally vital.
  • Employee Training: Ensuring all staff members are well-versed in HIPAA regulations and best practices is paramount. Regular training sessions can help prevent unintentional breaches.
  • Regular Audits: Periodic assessments of all systems and processes ensure that they remain compliant and adapt to any changes in regulations or technology.
  • Data Access Controls: Implementing stringent controls on who can access protected health information and under what circumstances is a cornerstone of HIPAA compliance.

 

 

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.