Is WhatsApp® a HIPAA Compliant Telemedicine Software?

Updated on March 28, 2023

In order for a communications platform to be considered HIPAA compliant, it must fulfill the following requirements:

  • Employ end-to-end encryption
  • Implement access control
  • Enable audit controls 
  • Sign a business associate agreement (BAA)

Recommended:  Zoom® is a HIPAA compliant telehealth software

WhatsApp® provides end-to-end encryption, but that does not mean that it is HIPAA compliant. There are other facets of HIPAA that must be satisfied before the software can be deemed compliant.

  1. Since WhatsApp® does not require users to enter a password for every session, it does not provide the required access controls.
  2. Because messages and attachments are easily deleted from WhatsApp®, audits cannot be conducted, which is necessary for HIPAA compliance.
  3. WhatsApp® cannot ensure that all communications containing ePHI (electronic personal health information) are completely deleted remotely once an employee leaves the employment of a covered entity.
  4. WhatsApp® has not agreed to sign a BAA with a covered entity.

WhatsApp® is NOT a HIPAA compliant telemedicine software and should not be used to share ePHI or deliver online healthcare, since doing so would violate HIPAA regulations. Healthcare professionals may use WhatsApp® for general communication or for providing de-identified PHI.

Recommended: Skype™ is a HIPAA compliant telehealth software

For healthcare professionals who would like to utilize a HIPAA compliant video communication tool, some companies have already stated that they will enter into a HIPAA business associate agreement and follow HIPAA compliance regulations. The Office for Civil Rights (OCR)¹ has provided a list of HIPAA compliant telemedicine software, which includes:

  • Skype for Business™
  • Updox®
  • VSee™
  • Google Hangouts™
  • Zoom for Healthcare®
  • Cisco® Webex Meetings / Webex Teams
  • Amazon Chime™
  • GoToMeeting™
  • Spruce Health Care Messenger™
  • Bridge Video Visits, powered by Zoom for Healthcare®

In order to implement HIPAA compliant telemedicine software, patients must also complete the necessary patient consent forms and agreements. Commonly used consent forms and agreements for online patient portal and telehealth platforms include:

Bridge Patient Portal provides a highly customizable, all-in-one patient engagement software that meets some of the most complex needs of high volume, multi-specialty healthcare organizations, including HIPAA compliant messaging.

While the popularity of WhatsApp™ can make it a tempting platform for communication with patients, it should be avoided due to the risk of HIPAA violation. As a safe alternative, Bridge offers a HIPAA-compliant telehealth solution that seamlessly integrates with your existing EHR system. The platform leverages the strictest security standards and can be customized to fit your organization’s unique needs. Its stand-out feature is a suite of patient engagement functionality outside of telehealth that automates the online care journey for a better patient experience and more efficient workflows. Contact us to discuss how our telehealth platform can help you excel at patient engagement. 

DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not affiliated to, endorsed by, or sponsored in any way by the service providers mentioned in this article.

  1. Office for Civil Rights (OCR) (2020). Notification of Enforcement Discretion for telehealth. [online] Available at: