Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

hipaa

Mike Witzel
Mike Witzel March 24, 2016

Is HipChat Server HIPAA-compliant "off the shelf"?

Answer
Watch
Like # people like this
1318 views

3 answers

0 votes
Kenn Fiedler
Kenn Fiedler September 23, 2016

The answer is, sorta. 

"New standard – impermissible use/disclosure of (unsecured) PHI presumed to require notification, unless CE/BA can demonstrate low probability that PHI has been compromised based on a risk assessment of at least: – Nature & extent of PHI involved – Who received/accessed the information – Potential that PHI was actually acquired or viewed – Extent to which risk to the data has been mitigated"

While the servers, on the end of the owners of the servers, may be able to view and access logs you cannot. You have no way of proving that you can account for who had viewed the information or who had access to the information. So, while you may not exactly be going against HIPAA because you aren't giving the information to anyone who shouldn't have it...you aren't exactly staying within guidelines because you can't prove who did or didn't have access to it. 

Reply
0 votes
Mike Witzel
Mike Witzel March 24, 2016

Thanks for the quick reply, Peter.

There are certain criteria for a messaging application to be HIPAA-compliant.  I read through the HipChat info and see that only the "server" version can be HIPAA-complaint but besides that, I could find no other related info which makes me think that even the server version of HipChat is not HIPAA-compliant out-of-the-box.

Anyone else have any input?

Thanks,

Mike

View More Comments
Peter T
Peter T
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 24, 2016

I've found this article about hippa and electronic communication.

https://www.perfectserve.com/hospital/docs/PerfectServe-Clarifying-Confusion-About-HIPAA-Compliant-Electronic-Communication.pdf

after reading it, I understood that unless the storage, in the device receiving the encrypted message, is properly secured it won't be hipaa compliant.

Like
Reply
0 votes
Peter T
Peter T
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 24, 2016

Hi Mike,

 

without being an expert in HIPAA compliance I think the asnwer is yes given the information in this security article

https://confluence.atlassian.com/hc/hipchat-server-security-648218032.html

 

Let me know if that works,
Cheers,
Peter T

Reply

Suggest an answer

Log in or Sign up to answer
Hipchat
Hipchat
TAGS
AUG Leaders

Atlassian Community Events

    See all events