What Is This Product?
WhatsApp Messenger is a freeware and cross-platform instant messaging and VoIP service. The application allows the sending of text messages and voice calls, as well as video calls, images and other media, documents, and user location.
Unlike Signal, WhatsApp stores meta-data (data about the messages and message senders and receivers) and therefore does not qualify as a conduit, but as a business associate. However, WhatsApp will not execute a Business Associate Agreement and is, as a result, not a HIPAA-secure option.
Person Centered Tech gets a lot of questions about using WhatsApp because they advertise their service as “end-to-end-encrypted” and because they utilize the same open-source protocol as Signal, by Open Whisper Systems. Despite using the same encryption protocol as Signal, which we do recommend, WhatsApps’ storage of meta-data is where the two options diverge and why the HIPAA-security and recommendation outcome differ for the two otherwise very similar services. A “no” outcome for WhatsApp should not cause distress, though, because Signal is an excellent alternative that is both HIPAA-secure and free. For details about using Signal, please see our review here. For an Office Hours discussion comparing and contrasting WhatsApp and Signal, please see question/answer clip #3 by clicking here.