For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance

For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →


Connect Aware to the tools you already use to have all your company messaging in one place.

Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications


Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →


Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →

What's in your data?

Calculate my results →


About Aware

Our leadership, our company


Explore open roles with our remote-friendly, global team


Driving customer value, together

Press Releases

Digital workplace news and insights


How Aware customers streamline operations, reduce risk, and boost productivity


Data security partners & certifications


Get in touch with us


10 Reasons Why Aware is a Top Place to Work

Learn more →


Access reports, webinars, checklists and more.

Explore →


Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →

Is Cisco Webex HIPAA Compliant?

by Aware

HIPAA fines can cost up to $50,000 each and incidents of data leaks are on the rise. That means it’s never been more important for covered entities to review how they handle protected health information in the digital workplace. This is especially true in collaboration tools like Webex by Cisco.

While these tools provide companies with efficient ways to meet and work remotely, the ease with which they transmit information also introduces the risk of data leaks and regulatory noncompliance. This post explores what healthcare organizations need to know to meet their HIPAA obligations while using Webex by Cisco.



Learn more about how Aware supports HIPAA compliance in Webex

What is Webex by Cisco?

Cisco Webex is a cloud-based platform that offers video conferencing, online meetings, screen sharing, and messaging features. It is designed to enhance productivity and enable seamless collaboration among remote and hybrid teams. Some alternatives to Webex include Slack, Microsoft Teams, and Zoom.

Webex is used by 95% of the Fortune 500 and in industries ranging from government and education to healthcare and finance. As such, Webex contains several features designed to increase information security and protect the data of highly regulated organizations.

What is HIPAA?

HIPAA legislation sets provisions for safeguarding protected health information (PHI). It applies to a wide range of covered entities, including healthcare facilities, health insurance providers, and some government agencies. HIPAA recognizes that PHI is uniquely sensitive information and should be stored, transmitted, and accessed according to higher standards than other types of data.

Sharing of PHI is covered under the HIPAA Privacy Rule, which outlines the restrictions required before covered entities can disclose an individual’s PHI. The Privacy Rule affirms the patient’s right to access their own health records and restrict how those records are shared.

physician using webex hipaa

Is Webex HIPAA Compliant?

Cisco Webex has implemented a comprehensive set of security features and controls to protect sensitive information and has conducted a HIPAA audit to confirm its offerings comply with the standards of the HIPAA Security Rule. However, out of the box, Webex does not come with HIPAA compliance enabled. Organizations in the healthcare industry must take additional steps to configure and use Webex in a manner that aligns with HIPAA requirements.

These steps include implementing the safeguards provided by Webex to secure sensitive data, and providing the right training to ensure employees follow HIPAA guidelines when accessing or disclosing PHI. Finally, covered entities must sign a Business Associate Agreement (BAA) with Cisco.

blog illustration 22

Understand your HIPAA obligations in enterprise collaboration tools

Does Cisco sign a BAA for Webex users?

A Business Associate Agreement (BAA) is a contract between a covered entity (e.g., a healthcare provider) and a business associate (e.g., a technology vendor) that governs the use and protection of PHI. Cisco offers BAA agreements for qualified Webex users, demonstrating their commitment to safeguarding PHI and complying with HIPAA regulations.

Is Cisco Webex Suitable for Telehealth?

The same security features that make Webex suitable for use by HIPAA-covered entities also enable users to conduct telehealth appointments through Webex. Webex for Healthcare provides a range of secure collaboration features designed with telehealth in mind.

cisco webex for telehealth

5 Ways Webex Protects Sensitive Information:

  • Encryption: Webex employs industry-leading end-to-end encryption for messaging and user-generated content, and Zero Trust end-to-end encryption for Webex meetings. This ensures that communications and stored information remain secure and confidential.
  • Access Controls: Webex offers granular access controls, allowing administrators to define user roles, permissions, and authentication methods to prevent unauthorized access to sensitive information.
  • Secure Data Centers: Cisco operates highly secure data centers where Webex data is stored. These centers adhere to industry-leading security standards and undergo regular audits and assessments.
  • Secure Meeting Features: Webex provides options such as password-protected meetings, waiting room functionality, and security controls to prevent unauthorized participants from joining and ensure meeting privacy.
  • Compliance with Industry Standards: Cisco Webex complies with various industry standards and regulations, such as ISO 27001, SOC 2 Type II, SOC 3, and HITRUST.

What Webex Settings Should Administrators Use for HIPAA Security?

Workplace administrators play a vital role in ensuring their Webex environments remain HIPAA compliant. It is critically important for admins to understand their information security obligations under HIPAA and enable controls that comply with regulatory need. Some examples include enabling end-to-end encryption and enforcing 2-factor authentication (2FA), multi-factor authentication (MFA), or single sign-on (SSO) to limit the visibility of PHI to authorized personnel.

In addition to establishing necessary safeguards, administrators should also be proactive about training employees on their obligations under HIPAA and how best they can protect PHI. This involves security measures such as creating strong passwords and changing them regularly and following other infosec best practices.

5 Security Concerns When Sharing PHI in Webex:

  • Data Breaches: The number of breach victims reached 422 million in 2022, a threefold increase on the previous year. Cloud-based applications like Webex are particularly vulnerable to insider threats unless proactively addressed.
  • Compliance Challenges: Webex enables users to sync files and data instantly across multiple devices. Ensuring compliance within this environment is a constant challenge for administrators who must ensure they implement the right controls.
  • User Error: Human error, such as accidental sharing of PHI or misconfiguration of security settings, can inadvertently expose sensitive information and lead to HIPAA violations.
  • Third-Party Integrations: When using Webex in conjunction with other third-party applications or services, organizations must ensure that these integrations also comply with HIPAA regulations and do not compromise the security of PHI.
  • Data Retention and Disposal: Properly managing the retention and disposal of PHI stored in Webex is crucial to comply with HIPAA regulations. Organizations must have policies and procedures in place to securely delete or archive data when it is no longer needed.


How Aware Helps Businesses Protect PHI in Webex by Cisco

Aware supports HIPAA compliance within Webex Messaging using targeted AI/ML workflows based on industry-leading natural language processing (NLP). Aware’s proprietary NLP identifies PHI within Webex Messaging content in real time and triggers smart automations to notify stakeholders and mitigate the risk.

Modern business happens outside the 9-5, so Aware’s around-the-clock compliance automations ensure HIPAA-covered entities remain compliant 24/7 across the entire Webex Messaging collaboration platform, including in public and private spaces and group and direct messages.


While Cisco Webex provides a range of security features and can be configured to meet HIPAA requirements, it is essential for organizations in HIPAA-regulated industries to assess and implement the necessary settings and controls to ensure compliance. By following cybersecurity best practices, training users, and deploying advanced AI-powered compliance automations from Aware, organizations can leverage the benefits of Webex while protecting sensitive health information.

Learn more about how Aware can secure all your workplace collaboration tools from a single AI-powered platform for unified compliance and security, plus next-generation business insights.

Compliance, Security, & Insights for Cisco Webex

Topics:Compliance AdherenceEnterprise CollaborationCisco Webex Messaging