Slack recently added HIPAA compliance to its security features, directly related to file uploads. While the compliance is not currently related to communication channels or direct messaging between patients and providers, two sources told CNBC that those features are expected in the coming months.
In fact, the messaging and chat app for businesses confidentially went public on Monday, which could signal Slack’s potential move into the healthcare sector.
Currently, the HIPAA compliance is tied only to its enterprise version, Enterprise Grid, which is not the same as the typical Slack platform used by most businesses. Enterprise Grid is built on a different platform, designed for businesses with more than 500 employees.
The platform encrypts data in transit and at rest, offers customer message retention and data loss prevention support, and gives administrators the ability to remotely terminate connections and sign users out from connected devices. All of these features could support HIPAA compliance moving forward.
According to its security page, Slack also complies with NIST standards – one of the most commonly used standards in healthcare.
On Monday, Slack confirmed its HIPAA status on Twitter: “Enterprise Grid is the only Slack product that complies with the stringent regulations of HIPAA. For more information, please send us some particulars… We’d be happy to discuss whether Grid is right for your organization.”
Slack also provided a form on its security page that lists requirements for HIPAA enterprises. It’s important to note that a provider using the platform will first need to obtain a business associate agreement and work out those details with Slack.
According to its site, users are not allowed to use, transmit, or process any protected health information as mandated by HIPAA. So while the added HIPAA features are promising, it will still be some time until Slack’s Grid platform is fully HIPAA-compliant for patient data sharing.