Is WebEx HIPAA Compliant?

WebEx is a platform for online video conferencing and collaboration helping organizations interact with distant individuals and partners as though they are all together in one room. Should healthcare providers use WebEx or not? Is it HIPAA compliant? With resources like WebEx, healthcare businesses can connect instantly and effortlessly with the employees, regardless of where they happen to be. Regional operational meetings, healthcare employee trainings, medical education and even patient communications can all be conducted online. However, healthcare organizations need to be sure that this tool supports HIPAA compliance before using it with protected health information (PHI).

Cisco has enforced many security controls to make sure all communications happen safely and information are not intercepted. Any details sent using a WebEx application to the WebEx cloud takes place via an encrypted channel that supports TLS 1.0, 1.1 and 1.2 protocols and utilizes high strength ciphers including AES-256. Media packets are protected by encryption using AES 128. The option to use end-to-end encryption is also available, which if employed, means Cisco will never decrypt any media streams.

Most media streams could be documented for future use especially in case of a HIPAA audit. Data is likewise secured at rest using encryption while sound, video, and data streams are kept in a separate storage. Administrators could set up the platform to deliver the following required security level:

  • limit unsuccessful login attempts
  • automatic deactivation of accounts when the user is inactive for a defined period of time
  • enforcing strong password
  • use 2-factor authentication
  • controls for who can access the platform

Cisco additionally offers complete documentation on technology, functionality and security to assist healthcare companies in conducting their risk analysis. Cisco is also ready to sign a business associate agreement (BAA) with HIPAA covered entities or their business associates.

So, is WebEx HIPAA Compliant? WebEx comes with administrative and technical safety measures that satisfy HIPAA specifications; but, it depends on covered entities to be sure the application is set up properly and that it is utilized in a HIPAA-compliant way. So long as all security measures are in place, and Cisco has signed a business associate agreement that covers the application of WebEx for Healthcare, WebEx is HIPAA compliant and may be put to use by healthcare businesses.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: