WebEx and HIPAA Compliance

A web and video conferencing and collaboration platform, WebEx allows businesses connect with remote workers and partners as if they are working on site.

Using utilities like WebEx, healthcare groups can interact quickly and easily with the workforce, no matter where staff members are working. Regional operational meetings can be conducted, medical education can take place digitally, and healthcare staff members can be trained on new processes and processes. These platforms can also possibly be used for interacting with patients.

However, before any collaboration utilities can be used in connection with protected health information (PHI), healthcare groups must be ensure that the tools adhere to HIPAA guidelines. It is important to consider if WebEx is HIPAA compliant or not.

Cisco – the developer of WebEx – has included a host of security controls to make sure all communications take place safely and information cannot be captured by external entities. Any data transmitted from a WebEx application to the WebEx cloud takes place through an encrypted channel which supports TLS 1.0, 1.1 and 1.2 protocols and uses powerful ciphers such as AES-256. Media packets are encrypted by way of AES 128. There is also the option of end-to-end encryption; which, if used, means Cisco will not decrypt any functioning media streams.

All media streams can be captured for future reference and adhere with HIPAA audit requirements and data is also secured at rest with encryption.

Administrators can configure the platform for the necessary levels of security – including access controls and automatic deactivation after a defined period of inactivity. Password policies can be applied, 2-factor authentication can be used, and audit logs enabled.

Cisco also provides full documentation on functionality, technology, and security to assist healthcare groups with their risk audits.

Cisco will also complete a business associate agreement with HIPAA covered bodies and their business associates.

HIPAA WebEx Compliance

WebEx includes administrative and technical security measures that adhere to HIPAA requirements; however, it is up to covered bodies to guarantee that the platform is configured properly and used in a manner that adheres with HIPAA regulations.

Once these criteria are fulfilled, and a business associate agreement has been completed with Cisco allowing the use of WebEx for Healthcare, WebEx is HIPAA compliant and can be employed by healthcare groups.