Is Discord HIPAA Compliant?
Discord is not HIPAA compliant and, due to the way in which data is collected and used by the platform, covered entities and business associates should prohibit members of the workforce from sharing Protected Health Information (PHI) via Discord and implement a HIPAA compliant alternative in its place.
Discord is a communication platform that was originally developed for the gaming community. The platform allows friends, colleagues, and family members to chat via text, voice, or video – similar to WhatsApp. As well as being able to host one-to-one communications, Discord enables group discussions in virtual communities known as "servers".
The Benefit of Discord in Healthcare
Group discussions in virtual communities can be beneficial in healthcare settings. Virtual communities allow members of the workforce to engage in group discussions remotely, and to send or receive files, images, and videos that may help other members of the group resolve problems, overcome challenges, or work more productively.
However, when PHI is disclosed in a virtual group discussion, it is necessary for the communication platform to support HIPAA compliance. This means the platform must have controls that can be configured to ensure the confidentiality, integrity, and availability of PHI, and the vendor must be willing to enter into a Business Associate Agreement.
Is Discord HIPAA Compliant?
Discord is not HIPAA compliant. Not only does it lack the controls that might make Discord HIPAA compliant, but Discord also acknowledges in its Terms of Use that it monitors the content of communications and may use, copy, store, publish, distribute, and share the content – either with business partners and affiliates, or publicly across the Internet.
In addition, Discord reserves the right to remove any content in breach of "any applicable law or regulation if it creates risk for Discord". If Discord felt it was a risk to allow users to create, receive, store, or transmit PHI, it could – in theory – permanently delete any PHI created on the platform. It is no surprise that Discord will not enter into a Business Associate Agreement.
HIPAA Compliant Alternatives to Discord
If Discord is used in a healthcare setting, it is essential that members of the workforce are prohibited from disclosing PHI on the platform. It is also advisable for covered entities and business associates to implement a HIPAA compliant alternative to Discord and provide HIPAA training on when to use Discord and when to use the alternative platform.
Options for HIPAA compliant alternatives to Discord include Microsoft Teams, Google Meet, and Slack – subject to an appropriate subscription, compliant configuration, and a Business Associate Agreement being in place. While these platforms may not support the same free flow of communication as Discord, they can all be configured to support HIPAA compliance.