Is WhatsApp HIPAA Compliant?

Posted by Michael Hsu on 5/13/20 12:00 AM
Is WhatsApp HIPAA Compliant? The Use of WhatsApp in Healthcare

WhatsApp Messenger, or WhatsApp for short, is a communication platform owned by Facebook that allows for sending text and voice messages and making voice and video calls. You can use it to share various media, such as images, documents, locations, and more.

Since the use of WhatsApp is extremely widespread, many are wondering if it is secure enough to be utilized in healthcare. Like any other communication app used to transfer protected health information (PHI), it needs to be HIPAA compliant.

Is WhatsApp HIPAA Compliant?

If it’s used for transferring electronic PHI, WhatsApp is legally considered a business associate (BA) of a healthcare provider employing it. In order to be seen as HIPAA compliant, a BA needs to enter into a business associate agreement (BAA) with the HIPAA covered entity (the healthcare provider). This agreement would outline all the safeguards that need to be put in place in order to ensure the protection of PHI.

App owners are highly unlikely to enter into a BAA over a consumer app. WhatsApp is a consumer app, and there are no indications anywhere that Facebook would sign a BAA with anyone for it. This fact alone makes WhatsApp non-HIPAA compliant by default.

One of the major features that make medical professionals consider WhatsApp is its end-to-end encryption of all communication. This is a great security feature that allows only the sender and receiver to see the transferred data. The problem is that there are no access and authentication controls in place to prevent unauthorized app access. 

Encryption is useless if anyone can take an MA’s phone, open their WhatsApp freely, and view the sent content. Once you install the app on your device, it doesn’t require you to enter a password to open it. It is always accessible. This constitutes a severe violation of the HIPAA Security Rule.

We can safely conclude that, due to its security shortcomings and Facebook’s unwillingness to enter into a BAA, WhatsApp is not HIPAA compliant and should be avoided by healthcare providers.

Curogram is a 100% HIPAA Compliant Messaging Platform for Healthcare Providers

Instead of relying on consumer apps such as WhatsApp just because they are familiar and free, you should turn to a messaging platform designed for use in healthcare. Curogram is a web-based healthcare messaging app and telemedicine solution that is entirely HIPAA compliant.

Our platform provides features that automate many time-wasting front desk tasks, improve staff efficiencies, and increase customer satisfaction. Curogram allows you to set up a virtual clinic and have online appointments with your patients.

As a medical provider, you’ll encounter various problems using WhatsApp as your go-to messaging platform. Some of them include the following:

  1. WhatsApp doesn’t integrate with EHRs
  2. WhatsApp forces your staff to use personal numbers
  3. WhatsApp can’t send automated reminders
  4. WhatsApp doesn’t have the option to create and save template texts
  5. WhatsApp doesn’t allow you to send smart rating requests
  6. WhatsApp is not an adequate telemedicine solution

WhatsApp Doesn’t Integrate with EHRs

Your communication platform should be able to integrate with your EHR. WhatsApp doesn’t have this ability, and your staff will have to coordinate information between the two platforms. This means having to enter all the relevant data twice, which leaves much room for error. You can quickly synchronize consultations from your EHR, which means that you only have to enter appointments once! Patients will get text and email reminders with the video chat links without any work from your staff.

Curogram integrates with over 700 EHRs so that you can have all information neatly organized and manage a single schedule. We will integrate with your EHR in less than 48 hours due to our proprietary technology, whereas other solutions might take months.

Curogram EHR integrations: Practice Fusion, Prime Clinical Systems

WhatsApp Makes Your Staff Use Their Personal Numbers

In order to communicate with patients via WhatsApp, your staff will have to use their personal numbers. Another option is to have a dedicated mobile device with a business mobile phone number. 

Both of these options are highly impractical for the following reasons:

  • In the former scenario, your patients will be confused by multiple phone numbers
  • In the latter, either only one person will be able to communicate with patients or the mobile device will have to physically change hands
  • PHI won’t be secure on staff’s personal phones
  • PHI won’t be secure on any phone without access controls
  • No one wants to use their personal number for business purposes

Curogram gets you a business phone number that you can use to text patients from a web-based platform. You can also download the Curogram app on your phone and message patients from there. Patients do not need to download anything. They’ll receive your messages as an SMS text message.

You get a centralized platform for communication where you can see all chats and chat histories. Your staff will be delighted that their personal phones won’t be cluttered with work-related data and contacts.

WhatsApp Can’t Send Automated Reminders

Appointment reminders are essential, especially if you practice telemedicine. They can reduce the number of no-shows and last-minute cancellations due to people forgetting about their appointments. Online consultations are easy to forget. Your patients might get carried away, and the appointment will completely slip their mind in seconds.

WhatsApp doesn’t integrate with your schedule, so it can’t send appointment confirmations and reminders automatically. Your staff would have to text or call everyone individually, which is inefficient and time-consuming.

Curogram can send two-way SMS auto-reminders to your patients. This means that patients can respond to these and have a real person answer any follow-up questions. Reminders can be customized based on sending times, appointment types, and more.

Patients prefer text-based communication as it’s more efficient and takes less time than calling and waiting on hold. Moreover, SMS text messages are the first to pop up on your patients’ phones, as they are not tied to any app that might have notifications turned off.

WhatsApp Doesn’t Have the Option to Create and Save Template Texts

Templates can save your staff a lot of time. There are many messages that they have to send over and over again and many questions they have to answer repeatedly. That’s why a repertoire of template texts can be a real time-saver.

WhatsApp doesn’t provide you with the option to create and save templates. Your staff will have to type the same thing again and again. The best you can do in WhatsApp is to perform a chat search, copy-paste the text, and adjust it for a new patient. This can lead to mistakes and PHI accidentally being shared with other patients.

With Curogram, you can create templates for frequently sent messages or answers to frequently asked questions. These will be only a click away whenever you or your staff may need them.

WhatsApp Doesn’t Allow You to Send Smart Rating Requests

Online reviews and ratings can make or break you. A bad review is notoriously difficult to convert into a positive one, and it has a lot of impact on how people perceive your practice. Your platform for communicating with patients should have some kind of a reputation management feature to help you reap five-star ratings.

If you use WhatsApp, all you’ll be able to do is pester your patients to go online, find your practice, and rate it on Google or Yelp. This can seem pushy, and it’s often a lot of work for the patient.

With Curogram, you can avoid this trap and automate five-star ratings by satisfied patients. Patients get simple one-line surveys whose goal is to establish if they’re happy with your service. If they are, they’ll get a request for a five-star rating. All they have to do is click it, and voila—you get an easy positive rating!

WhatsApp is Not an Adequate Telemedicine Solution

Even if WhatsApp can be used for text messaging with your patients, you should avoid it completely when it comes to telemedicine sessions. WhatsApp does have video and voice calling features, but they are basic and can only be used on mobile devices. 

WhatsApp Web doesn’t support video and voice calling features yet, which means you and your patients would have to talk while trying to keep your phones steady. There’s no way to view anything else on your device, like important patient documents, while having a video meeting. Even among non-HIPAA compliant solutions, you can find better ones for online visits.

Curogram’s telemedicine solution gives a full office experience to both you and your patients. It allows you to replicate your natural workflows where nurses and MAs prepare the patient before the doctor takes over. 

Our platform offers a virtual waiting room where you can see who’s in and if they’re ready. It facilitates sending medical documents, including secure web-based intake forms and visit summaries straight from the EHR, and has many other helpful features.




  • Local business text number to use from the web
  • EHR integration
  • Automated reminders
  • Advanced Waiting Room Management Tools
  • Patient Intake Forms and Payment Requests
  • Adequate telemedicine solution



What to Look for in a Telemedicine Solution

If you’re looking for more than a communication platform, WhatsApp certainly won’t do. You need a video conferencing tool that can help you transition online smoothly and host simple and efficient video appointments. Your telemedicine solution should have the following features:

  1. It should be easy for patients to use
  2. It should replicate in-person visit workflows
  3. It should feature a secure patient messaging platform
  4. It should feature a secure staff messaging platform

It Should be Easy for Patients

You need a solution that’s as easy to use as WhatsApp or even easier. Your older patients who are not so tech-savvy and don’t have WhatsApp might not even own smartphones, so downloading a phone app is not an option for them.

With Curogram, you can send auto-generated links to patients. All they have to do to get to the appointment is click the link. There are no downloads, special passwords, or room codes to enter. When they click the link, they’ll join the virtual waiting room where a nurse or an MA will help them prepare. Once they’re ready, the doctor will take over, and after the consultation, a nurse will give them any post-visit instructions and documents they might need.

It Should Replicate In-person Visit Workflows

As you can see, Curogram mimics the workflows everyone’s already used to—including doctors, nurses, and patients. This way, you achieve maximum efficiency, and no one is stuck doing anything that’s not their job.

This is something you can’t achieve with WhatsApp. It doesn’t have waiting rooms and, once an MA calls the patient (or the patient calls them), doctors and staff can’t go in and out of the meeting without ending the call. This means that doctors will be stuck with unprepared patients, trying to figure out how to onboard them and wasting precious time.

It Should Be a Secure Patient Messaging Platform

As we have mentioned, WhatsApp offers end-to-end chat encryption but doesn’t provide proper access controls and a centralized platform. This means electronic PHI could easily get compromised.

Curogram provides a platform where you can keep track of all communication threads in one place. From this web-based platform, you can send SMS text messages. It’s important to note that Curogram also offers the only mobile patient messaging solution that is fully HIPAA compliant. 

It Should Be a Secure Staff Messaging Platform

WhatsApp group chats for staff are fine, but they can get lost in a sea of other WhatsApp groups and chats. When you’re at work, you want to filter out any disturbances, and WhatsApp can be full of these. Not being able to mute this app while working because you might receive some work-related info can be terrible for some. Non-work-related chats could easily distract you even if you mute them.

As your work platform, Curogram allows you to create group chats for your staff where they can discuss anything. This is also a much more secure way to exchange sensitive patient data than a consumer app since PHI won’t end up on your staff’s personal devices.

The HHS Allows the Use of Non-HIPAA Compliant Solutions During the Coronavirus Crisis

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a Notification of Enforcement Discretion. This regulation allows the use of non-HIPAA compliant remote communication technologies during the coronavirus emergency among healthcare providers.

OCR made this temporary regulation to help medical providers reach everyone easily wherever they are during the public health crisis. This regulatory body will exercise discretion and won’t impose penalties for using non-HIPAA compliant communication solutions for as long as the public health emergency lasts.

Even though you can use WhatsApp during the COVID-19 public health crisis, we advise against it for a number of reasons:

  • You still don’t want to compromise your patients’ PHI
  • If you decide to continue to use remote communication technology after the emergency is over, you’ll have to find another solution
  • When your patients learn that you had to quit using WhatsApp because it wasn’t HIPAA compliant, they might get worried about their PHI (and rightly so)
  • Healthcare-specific communication platforms offer better functionality for a medical practice

3 Challenges of Starting Out with Telemedicine

If you’re just starting out with telemedicine, the transition is bound to be bumpy. Everyone will be stressed out—patients, doctors, staff. You’ll be even more stressed if you decide to use an inadequate app like WhatsApp for telemedicine purposes. Here are three challenges you might experience:

  1. Your patient volume may decrease
  2. Doctors and staff will need time to adjust
  3. You might experience a drop in revenue

Your Patient Volume Might Decrease

A doctor can see up to 40 patients a day in person. This number is bound to decrease for online visits, especially at the beginning. A solution that doesn’t allow doctors’ and nurses’ workflows to transfer smoothly online will take its toll.

If you retain this steady flow online, doctors can go in and out of appointments without hindrances and be able to see more patients. Curogram can help you make that happen with its tools designed specifically for healthcare professionals.

Doctors and Staff Will Need Time to Adjust

For accountants, writers, and other computer-bound professionals, it doesn’t make much difference whether they’re working from home or the office. For medical workers, it makes all the difference. They will need some time to adjust, and you can help them with that by:

  • Encouraging discussions about mental health issues
  • Having regular team meetings
  • Setting work-from-home policies
  • Having happy hours, etc.

Supporting your employees is one of the main reasons why you need a staff communication platform.

You Might Experience a Drop in Revenue

If doctors have to waste time figuring out technical issues, they’ll spend more time on each patient, which will lead to fewer patients altogether. If you use a solution that patients find hard to access, they might just give up. That is another loss for your practice.

If you fail to remind your patients about their telehealth appointments, you’ll lose even more of them because they might get distracted and forget. With Curogram’s smart appointment reminders, you can reduce the number of no-shows by more than 75%. Not utilizing this smart feature means leaving serious money on the table.
