Is Discord HIPAA Compliant?

Is Discord HIPAA Compliant? HIPAAGuide.net

Discord is not HIPAA compliant and, due to the way in which data is collected and used by the platform, covered entities and business associates should prohibit members of the workforce from sharing Protected Health Information (PHI) via Discord and implement a HIPAA compliant alternative in its place.

Discord is a communication platform that was originally developed for the gaming community. The platform allows friends, colleagues, and family members to chat via text, voice, or video – similar to WhatsApp. As well as being able to host one-to-one communications, Discord enables group discussions in virtual communities known as “servers”.

The Benefit of Discord in Healthcare

Group discussions in virtual communities can be beneficial in healthcare settings. Virtual communities allow members of the workforce to engage in group discussions remotely, and to send or receive files, images, and videos that may help other members of the group resolve problems, overcome challenges, or work more productively.

However, when PHI is disclosed in a virtual group discussion, it is necessary for the communication platform to support HIPAA compliance. This means the platform must have controls that can be configured to ensure the confidentiality, integrity, and availability of PHI, and the vendor must be willing to enter into a Business Associate Agreement.

Is Discord HIPAA Compliant?

Discord is not HIPAA compliant. Not only does it lack the controls that might make Discord HIPAA compliant, but Discord also acknowledges in its Terms of Use that it monitors the content of communications and may use, copy, store, publish, distribute, and share the content – either with business partners and affiliates, or publicly across the Internet.

In addition, Discord reserves the right to remove any content in breach of “any applicable law or regulation if it creates risk for Discord”. If Discord felt it was a risk to allow users to create, receive, store, or transmit PHI, it could – in theory – permanently delete any PHI created on the platform. It is no surprise that Discord will not enter into a Business Associate Agreement.

HIPAA Compliant Alternatives to Discord

If Discord is used in a healthcare setting, it is essential that members of the workforce are prohibited from disclosing PHI on the platform. It is also advisable for covered entities and business associates to implement a HIPAA compliant alternative to Discord and provide HIPAA training on when to use Discord and when to use the alternative platform.

Options for HIPAA compliant alternatives to Discord include Microsoft Teams, Google Meet, and Slack – subject to an appropriate subscription, compliant configuration, and a Business Associate Agreement being in place. While these platforms may not support the same free flow of communication as Discord, they can all be configured to support HIPAA compliance.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/