Slack Business Associate Agreement

More and more companies are joining Slack to improve their internal communication. But when it comes to healthcare organizations and their needs, the question arises: Is Slack HIPAA compliant? While Slack and similar messaging apps can make collaboration easier and more efficient, there are still many grey areas around their use in the healthcare sector and whether this platform is the right solution for meeting data protection and security requirements.

A Business Associate Agreement (BAA) is required under the HIPAA rules. A business associate is any organization engaged to process PHI on behalf of another organization. Under HIPAA, Slack is considered a business associate: if a covered entity or business associate has a business associate agreement in place with Slack and uses Enterprise Grid to transfer, download or communicate PHI, Slack is considered a business associate. A BAA describes what business associates can and cannot do with the PHI they have access to, how they will protect that PHI, how they will prevent unlawful disclosure of PHI, and the appropriate method for reporting PHI violations in the event of a data breach. Slack's HIPAA document describes the general process required to make Slack HIPAA compliant.

First, HIPAA entities that want to use Slack should contact the company. Slack then sends the “Slack Requirements for HIPAA Entities” guide, which must be verified and accepted. Finally, HIPAA entities using Slack must sign and execute a Business Associate Agreement (BAA) with Slack. Slack also indicates that it may be necessary to enter into a BAA with certain third-party application providers such as Nightfall, or with other services in the Slack App Directory. If you work with other service providers, you should speak to them directly to confirm whether you need a BAA. The Slack Requirements Guide and Slack's BAA contain the most comprehensive details of the exact configuration and controls you need in Slack. However, the documents published by Slack give an overall picture of how Slack will be used in a healthcare environment. Slack states: “Unless the customer has entered into a written agreement to the contrary with Slack, the customer acknowledges that Slack is not a business associate.” This statement suggests that Slack may be ready to sign a BAA for Slack Enterprise Grid.