WebEx is a Cisco web conferencing and online meeting platform. WebEx has described its WebEx for Healthcare video conferencing and mobile app as easy to use and easy to host. With WebEx, a provider has the ability to conduct remote video consults with patients, and message patients with quick answers to questions. As good as this sounds, is WebEx HIPAA compliant? Since use of WebEx involves transmission of electronic protected health information (ePHI), providers may only use WebEx if WebEx is HIPAA Compliant.
Is WebEx HIPAA Compliant? WebEx Data Security Measures
For WebEx to be HIPAA compliant, WebEx must offer security controls that safeguard the confidentiality, integrity, and availability of ePHI. Cisco’s website notes that information sent from a WebEx application to the WebEx cloud occurs through an encrypted channel, that supports the TLS 1.2 protocol (which allows for secure data communications between a browser and the destination server) and uses high strength ciphers (algorithms for encryption and decryption) such as AES-256. 256-level encryption masks data, making it unreadable to unauthorized users. WebEx also offers end-to-end encryption. End-to-end encryption prevents data from being read or modified, other than by the true sender and recipient(s). With end-to-end encryption, not even WebEx has the ability to read or modify the data.
Webex also allows for recording of media streams for future reference, and to enable providers to meet HIPAA audit requirements. Data at rest is protected by WebEx through encryption. Audio, video, and data streams are stored separately.
Is WebEx HIPAA Compliant? Additional Security Controls
WebEx offers additional security controls. Administrators can limit login attempts, automatically deactivate an account after a defined period of inactivity, and enable two-factor authentication. Cisco also provides users with full documentation on WebEx’s functionality, technology, and security. The documentation can be used by healthcare organizations as they perform their risk assessments.
Is WebEx HIPAA Compliant? Business Associate Agreement
HIPAA regulations require that covered entities enter into a business associate agreement with vendors before vendors can create, receive, maintain, or transmit PHI on behalf of (or for the benefit of) covered entities (directly or through another business associate) to carry out covered entity functions. WebEx is willing to enter into a business associate agreement with covered entities that want WebEx to perform PHI-related activities.
Is WebEx HIPAA Compliant?
Yes. With a signed business associate agreement, and proper use of the software, WebEx is HIPAA compliant.
Need Help with HIPAA?
Let our complete HIPAA solution handle it.