Gazelle Consulting

Is Slack HIPAA Compliant?

Is Slack HIPAA Compliant?

Yes, Slack can be configured to be HIPAA compliant. In this post we will discuss what it takes to operate a Slack account while remaining HIPAA compliant.

Do not assume the configuration settings of Slack are optimized for HIPAA compliance by default. It is important to understand that meeting HIPAA requirements combines the technical security control settings in Slack with administrative security controls you are responsible for carrying out.

You must consider each Slack feature on a case by case basis to identify what security controls are available and ensure those controls do not violate your established security procedures.

Choosing the Right Slack Plan

For users of Slack’s non-enterprise software or those that cannot setup up a BAA with Slack Enterprise Grid, HIPAA compliance is not possible and you should keep searching for compliant team collaboration software that fits your needs. BAA agreements are only available to Slack Enterprise Grid users.

Slack Enterprise Grid software meets the required certification and regulation criteria that enable it to be optimized for HIPAA compliance. From encrypting data in transit and at rest to an enterprise encryption key management solution, Slack has thought of everything when it comes to keeping PHI secure.

For even more details on the security controls available in Slack, check out this amazing Security at Slack White Paper for a complete high-level overview of the latest features for 2019. These controls may not be configured by default, so make sure your team will need to do the rest. Contact Gazelle Consulting if you have any questions about configuring Slack.

How to Sign a Business Associate Agreement with Slack

The official Security at Slack page lists all the certifications and regulations Slack complies with, including HIPAA. As of 4/4/2019 the instructions on the Security at Slack page ask that you use this contact form to, “request requirements for HIPAA entities”. When you receive a response from Slack, indicate to them that you may use Slack to handle PHI and would like to set up a business associate agreement.

Deciding if Slack is HIPAA Compliant for You

When choosing HIPAA compliant software, consider your existing security management process. Any collaborative software that stores or transmits PHI should be able to encrypt data, security store content entered by users, enforce role authorization, enable secure encryption key management, track user activity and any other features that support your HIPAA compliance processes.

Adding new software to information systems that process your PHI is a development you will want to handle with great deliberation and care. Any additional software or tools you add should enhance your HIPAA compliant healthcare services, not cause more vulnerabilities.

If you have any questions about whether Slack is the right collaboration tool to support your healthcare services, send Gazelle Consulting a message today or call 503-389-5666.

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest

Popular Posts

  • How to Handle the Loss or Destruction of Medical Records

    Whether it be an delete happy IT admin, a theft, or a glitch in your system, lost health records can have an impact on your patients...

  • 2018’s Most Interesting HIPAA Violation Cases

    2018’s Most Interesting HIPAA Violation Cases

    Since the 2003, the Enforcement Act, an addendum to HIPAA that gave the OCR the right to enforce HIPAA on behalf of the HHS, we’ve seen an ever increasing number of fines and breaches.

  • Who Enforces HIPAA?

    HIPAA, which stands for the Health Insurance Portability and Accountability Act, is enforced by the Office for Civil Rights (OCR), which is an arm of the Department of Health and Human Services (HHS).

  • Stronger HIPAA enforcement

    HIPAA Consent Form – How to Obtain HIPAA Authorization

    Earlier this month, the Office for Civil Rights (OCR) announced a new plan to strengthen HIPAA enforcement in response to criticism from the Office of Inspector General (OIG). The OCR will be beefing up their compliance investigations and expanding their audit program in 2016.

  • What is the Purpose of HIPAA?

    What is the Purpose of HIPAA?

    HIPAA compliance can be confusing. Is it HIPAA or HIPPA? Do I need to be HIPAA compliant? Who enforces HIPAA? Gazelle Consulting is here to answer your questions and help you to achieve compliance quickly and painlessly!