From time to time, customers will ask about WhatsApp and whether or not they can use WhatsApp and be HIPAA compliant.
The purpose of this post is to determine if the use of WhatsApp is HIPAA compliant or not.
What is WhatsApp?
WhatsApp is a free, cross-platform messaging and voice over IP service owned by Facebook. More than 1 billion people in over 180 countries use WhatsApp, and Facebook acquired it in 2014 for an astounding $19.3 billion.
WhatsApp and the Business Associate Agreement
Although there’s no official certification for software to be considered HIPAA compliant, there is a set of regulations that must be followed. One of the most basic is the requirement for a Business Associate Agreement.
A Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate.
Since Facebook now owns WhatsApp, we checked both of their websites for indicators of WhatsApp’s HIPAA compliance.
After looking through their data policy, terms of service and other legal info, we couldn’t find any mention of HIPAA or the BAA in any of those key resources.
Does WhatsApp Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component of HIPAA compliance between a Covered Entity and a Business Associate.
We were unable to find a single mention of HIPAA compliance or of the existence of a Business Associate Agreement on either Facebook’s or WhatsApp’s sites, so we have to conclude that WhatsApp is not HIPAA compliant.