Is Cisco Jabber HIPAA compliant?


Lately we’ve been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Jabber by Cisco is a provider of presence and messaging software.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

UPDATE: In April 2020, in connection with the COVID-19 pandemic, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced the Notification of Enforcement Discretion, which allows healthcare providers to use widely available communication apps, such as [name of the app], for telehealth services without the risk of incurring HIPAA fines. For more information, check out this recent Paubox blog post.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

The purpose of this post is to determine if Cisco Jabber offers HIPAA compliance or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Jabber

Jabber is a provider of presence and messaging software.

It’s important to note that Cisco acquired the company called Jabber (jabber.com) in 2008. The open standard Jabber (jabber.org) is a stand-alone entity.

The Jabber protocol, now called XMPP, is an open standard for Instant Messaging.

Jabber and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance to ensure security and privacy.

Jabber XCP Frequently Asked Questions

We checked the Cisco Jabber site and found a page called Jabber XCP Frequently Asked Questions.

In it, Cisco points out:

Q: How secure is Jabber XCP?
A: Jabber XCP is secure enough to support compliance regulations such as the Securities Exchange Commission (SEC) and Health Insurance Portability and Accountability (HIPAA). Jabber XCP security is used and trusted by the U.S. federal government.

The page does not, however, make any mention of Cisco being willing to sign a Business Associate Agreement for use with Jabber.

The Cisco Approach to Telehealth White Paper

We also found a White Paper on Cisco’s site called The Cisco Approach to Telehealth.

It’s written in marketing speak and does not dive into any details around whether the company will actually sign a BAA with its customers.

Cisco Compliance Solution for HIPAA Security Rule Design and Implementation Guide

We next found the Cisco Compliance Solution for HIPAA Security Rule Design and Implementation Guide.

The Implementation Guide is comprehensive and overwhelmingly demonstrates Cisco’s focus on the U.S. Healthcare market.

There are two issues remaining, however:

  • Cisco still does not mention signing a BAA.
  • Jabber is not mentioned as being HIPAA compliant.

We were unable to find any other evidence on Cisco’s site that mentions it signing a BAA.

Does Cisco Jabber Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

While Cisco is obviously focused on the U.S. Healthcare market, we were left with the impression that they do not actually sign Business Associate Agreements with their customers.

Instead, we believe they’ve determined themselves to fall in the HIPAA Conduit Exception Rule category.

SEE ALSO: HIPAA Conduit Exception Rule – What is it?

It’s also possible we fundamentally do not understand the nature of Jabber. Perhaps it’s not a cloud-based service at all and instead must be installed on-premises. If that’s the case, a BAA from Cisco would most likely not be required.

Conclusion: We are unable to conclusively determine if Jabber is HIPAA Compliant or not. We’re also unable to determine if it’s even a cloud-based service.


About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.
