From time to time, customers ask whether they can use Facebook Messenger and remain HIPAA compliant.
The purpose of this post is to determine if the use of Facebook Messenger is HIPAA compliant or not.
What is Facebook Messenger?
Facebook Messenger, commonly known as Messenger, is a messaging app and platform originally developed by Facebook as Facebook chat in 2008. Facebook revamped chat as a messaging service in 2010 and since then the service has grown to more than 1.2 billion users.
Facebook Messenger and the Business Associate Agreement
Although there’s no official certification for software to be considered HIPAA compliant, there is a set of regulations that must be followed. One of the most basic is the requirement for a Business Associate Agreement.
A Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate.
Since Facebook owns Facebook Messenger, we checked Facebook’s website for indicators of Facebook Messenger’s HIPAA compliance.
After looking through their data policy, terms of service and other legal info, we couldn’t find any mention of HIPAA or the BAA in any of those key resources.
Does Facebook Messenger Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component of HIPAA compliance between a Covered Entity and a Business Associate.
We were unable to find a single mention of HIPAA compliance or of the existence of a Business Associate Agreement on Facebook’s site, so we have to conclude that Facebook Messenger is not HIPAA compliant.