Slack has been working hard and now has some upcoming HIPAA-compliant features in the works. So far, its file upload service is the only feature that is HIPAA compliant. Let’s not shy away from the vendor just yet, because after all it is NIST compliant, which plays a role in HIPAA.
Since its launch, Slack has not been HIPAA compliant, although steps have been taken to develop a version of the platform that can be used by healthcare organizations. That version is called Slack Enterprise Grid.
The only HIPAA-compliant Slack app would be Enterprise Grid, which is not the same as the other business platforms. Slack Enterprise Grid is built on a more robust platform designed for 500 or more employees.
The Slack Enterprise Grid platform encrypts data in transit and at rest. It has customer message retention and data loss prevention, which is a step forward for HIPAA compliance.
On February 8th, 2019, Slack confirmed its HIPAA status on Twitter: “Enterprise Grid is the only Slack product that complies with the stringent regulations of HIPAA. For more information, please send us some particulars… We’d be happy to discuss whether Grid is right for your organization.”
Slack also provided a form on its security page about requirements for HIPAA enterprises. It’s important to note that a provider that wants to use it will first need to obtain a business associate agreement and work with Slack.
Slack also mentioned that users are not allowed to use, transmit, or process any protected health information as mandated by HIPAA. So while the added HIPAA features are promising, it will still be some time until Slack’s Grid platform is fully HIPAA compliant for patient data sharing.