At Slack, we are committed to ensuring that the data you share is always protected.

Slack complies with many broadly recognized standards and offers tools to help customers meet their compliance requirements. Companies that are subject to HIPAA (the Health Insurance Portability and Accountability Act of 1996) such as health plans, health-care providers, health insurance companies, health benefit providers, and the many businesses that provide them with services, can configure Slack Enterprise Grid to support HIPAA-compliant collaboration. When Slack is helping these customers carry out health-care activities or functions, Slack is a vendor/service provider classified as a business associate (BA) under HIPAA.

Health-care organizations using Slack while maintaining HIPAA compliance

Benefits

Share protected health information confidently

Enterprise Grid is Slack’s solution for large, complex organizations. It includes all of the security and governance functionality you expect in an enterprise solution but with an intuitive, consumer-software-like experience that results in a high rate of adoption.

When configured and used according to Slack’s specific requirements for HIPAA entities, teams collaborating on Enterprise Grid can share Protected Health Information (PHI) within direct, group and channel messaging, and in file uploads.

Save time with Slack AI

Slack AI helps organizations work faster in the platform they are using every day. Slack AI searches public and private conversations to help find answers faster. Slack AI seamlessly summarizes conversations and threads, giving you the highlights in seconds. Slack AI also lets you create daily recaps of your most important channels so you can stay on the same page as your team.

Slack AI is built within Slack’s trust boundary and respects user visibility.

Control your company’s use of Slack

Compliance monitoring is not one-size-fits-all. Slack Enterprise Grid provides APIs to support monitoring of access, activity and data in customer workspaces. This ensures that every company can implement tools and processes that are right for them. You can use Slack’s Discovery APIs and set up an external Data Loss Prevention (DLP) provider to enforce message and file restrictions and export message and file content for HIPAA compliance.

Slack partners with many best-of-breed providers that may already be present in your company.

Audit Logs

Partner-enabled functionality:

Download logs of activity within your Slack workspaces

Capture events like file downloads, file uploads and admin setting changes

Data Loss Prevention

API-based with pre-built connectors to leading solution partners

Integrated DLP solutions have complete access to all content within your enterprise organization

Partner-enabled functionality:

Monitor messages and files in public channels, private channels and direct messages

Actively quarantine and remove noncompliant content in near real time

What you should know about using Slack in a HIPAA-regulated environment

Slack Plan Supported: Enterprise Grid

Requirements: Contact Slack to get the Slack Requirements for HIPAA Entities guide

Other tools you will need: DLP solution, SSO solution, backup/archival

Process:

Review and commit to implementing the Slack Requirements for HIPAA Entities guide

Sign Slack’s business associate agreement (BAA)

Provide Slack with a list of all Slack orgs or workspaces with which you plan to use PHI
