WebEx and HIPAA Compliance

by | Feb 20, 2018

A web and video conferencing and collaboration platform, WebEx allows businesses connect with remote workers and partners as if they are working on site.

Using utilities like WebEx, healthcare groups can interact quickly and easily with the workforce, no matter where staff members are working. Regional operational meetings can be conducted, medical education can take place digitally, and healthcare staff members can be trained on new processes and processes. These platforms can also possibly be used for interacting with patients.

However, before any collaboration utilities can be used in connection with protected health information (PHI), healthcare groups must be ensure that the tools adhere to HIPAA guidelines. It is important to consider if WebEx is HIPAA compliant or not.

Cisco – the developer of WebEx – has included a host of security controls to make sure all communications take place safely and information cannot be captured by external entities. Any data transmitted from a WebEx application to the WebEx cloud takes place through an encrypted channel which supports TLS 1.0, 1.1 and 1.2 protocols and uses powerful ciphers such as AES-256. Media packets are encrypted by way of AES 128. There is also the option of end-to-end encryption; which, if used, means Cisco will not decrypt any functioning media streams.

All media streams can be captured for future reference and adhere with HIPAA audit requirements and data is also secured at rest with encryption.

Administrators can configure the platform for the necessary levels of security – including access controls and automatic deactivation after a defined period of inactivity. Password policies can be applied, 2-factor authentication can be used, and audit logs enabled.

Cisco also provides full documentation on functionality, technology, and security to assist healthcare groups with their risk audits.

Cisco will also complete a business associate agreement with HIPAA covered bodies and their business associates.

HIPAA WebEx Compliance

WebEx includes administrative and technical security measures that adhere to HIPAA requirements; however, it is up to covered bodies to guarantee that the platform is configured properly and used in a manner that adheres with HIPAA regulations.

Once these criteria are fulfilled, and a business associate agreement has been completed with Cisco allowing the use of WebEx for Healthcare, WebEx is HIPAA compliant and can be employed by healthcare groups.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy