Is WebEx HIPAA Compliant?

WebEx is a platform for online video conferencing and collaboration helping organizations interact with distant individuals and partners as though they are all together in one room. Should healthcare providers use WebEx or not? Is it HIPAA compliant? With resources like WebEx, healthcare businesses can connect instantly and effortlessly with the employees, regardless of where they happen to be. Regional operational meetings, healthcare employee trainings, medical education and even patient communications can all be conducted online. However, healthcare organizations need to be sure that this tool supports HIPAA compliance before using it with protected health information (PHI).

Cisco has enforced many security controls to make sure all communications happen safely and information are not intercepted. Any details sent using a WebEx application to the WebEx cloud takes place via an encrypted channel that supports TLS 1.0, 1.1 and 1.2 protocols and utilizes high strength ciphers including AES-256. Media packets are protected by encryption using AES 128. The option to use end-to-end encryption is also available, which if employed, means Cisco will never decrypt any media streams.

Most media streams could be documented for future use especially in case of a HIPAA audit. Data is likewise secured at rest using encryption while sound, video, and data streams are kept in a separate storage. Administrators could set up the platform to deliver the following required security level:

  • limit unsuccessful login attempts
  • automatic deactivation of accounts when the user is inactive for a defined period of time
  • enforcing strong password
  • use 2-factor authentication
  • controls who can access the platform strictly

Cisco additionally offers complete documentation on technology, functionality and security to assist healthcare companies in conducting their risk analysis. Cisco is also ready to sign a business associate agreement (BAA) with HIPAA covered entities or their business associates.

So, is WebEx HIPAA Compliant? WebEx comes with administrative and technical safety measures that satisfy HIPAA specifications; but, it depends on covered entities to be sure the application is set up properly and that it is utilized in a HIPAA-compliant way. So long as all security measures are in place, and Cisco has signed a business associate agreement that cover the application of WebEx for Healthcare, WebEx is HIPAA compliant and may be put to use by healthcare businesses.