WebEx and HIPAA Compliance

A web and video conferencing and collaboration platform, WebEx allows businesses connect with remote workers and partners as if they are working on site.

Using utilities like WebEx, healthcare groups can interact quickly and easily with the workforce, no matter where staff members are working from. Regional operational meetings can be operated, medical education can take place digitally, and healthcare staff members can be trained on new processes and processes. These platforms can also possibly be used for interacting with patients.

However, before any collaboration utilities can be used in connection with protected health information (PHI), healthcare groups must be ensure that the tools adhere to HIPAA guidelines. It is important to consider if WebEx is HIPAA compliant or not.

Cisco has including a host of security controls to make sure all communications take place safely and information cannot be captured by external entities. Any data transmitted from a WebEx application to the WebEx cloud takes place through an encrypted channel which supports TLS 1.0, 1.1 and 1.2 protocols and uses powerful ciphers such as AES-256. Media packets are encrypted by way of AES 128. There is also the option inclusion of end-to-end encryption, which if used, means Cisco will not decrypt any functioning media streams.

All media streams can be captured for future reference and adhere with HIPAA audit requirements. Data is also secured  at rest with encryption and audio, video, and data streams are stored elsewhere.

Administrators can set up the platform to allow the desired level of security, including rate limiting on logins, the automatic deactivation of subscriptions after a defined period of inactivity, password policies can be supplied, 2-factor authentication can be employed, and strict access controls set to carefully monitor who has access to the database.

Cisco also allows full documentation on functionality, technology, and security to assist healthcare groups with their risk audits.

Cisco will also complete a business associate agreement with HIPAA covered bodies and their business associates.

HIPAA WebEx Compliance

WebEx includes administrative and technical security measures that adhere to HIPAA requirements; however, it is up to covered bodies to guarantee that the platform is configured properly and that it is used in a manner that adheres with HIPAA regulations.

If this is in place, and a business associate agreement has been completed with Cisco allowing the use of WebEx for Healthcare, WebEx is HIPAA compliant and can be employed by healthcare groups.