Is FaceTime HIPAA compliant?

FaceTime in healthcare

In a healthcare setting, FaceTime can be used for non-clinical communication that does not involve Protected Health Information (PHI). FaceTime could facilitate real-time communication among staff members for administrative or operational discussions. It might also be used for non-medical patient engagement, such as providing a virtual tour of the facility to prospective patients or coordinating community health events. Health professionals could even use FaceTime to conduct non-confidential trainings or staff meetings, fostering collaboration and team-building. The convenience and accessibility of FaceTime make it suitable for these non-sensitive interactions within a healthcare environment, but caution must be exercised to avoid any use that would require HIPAA compliance.

FaceTime and HIPAA compliance

FaceTime is not HIPAA compliant. Apple does not sign a Business Associate Agreement (BAA) for FaceTime, which is a hard requirement for any vendor that stores, processes, or transmits protected health information (PHI) on behalf of a covered entity. Without a BAA, using FaceTime to discuss, share, or transmit PHI is a HIPAA violation — regardless of the encryption FaceTime uses.

FaceTime does employ end-to-end encryption (E2EE) for both audio and video calls, which is a meaningful security feature. However, strong encryption alone does not make a product HIPAA compliant. HIPAA's Security Rule also requires administrative safeguards (workforce training, policies), physical safeguards (device controls), and the legal framework of a BAA to assign liability and define responsibilities between the covered entity and the vendor.

Apple's privacy policy and terms of service do not include HIPAA-specific language, and Apple has not published documentation indicating FaceTime is designed for healthcare use.

What healthcare providers can use FaceTime for

FaceTime is appropriate for:

• Internal staff communication that involves no PHI (scheduling, logistics, non-patient topics)
• Non-clinical patient outreach (directions to the clinic, general wellness reminders that contain no health information)
• Personal communication between employees on personal devices

FaceTime should never be used for:

• Telehealth consultations where clinical information is discussed
• Sharing test results, diagnoses, treatment plans, or any PHI
• Any communication where the contents could be subpoenaed as medical records

HIPAA-compliant FaceTime alternatives

If you need HIPAA-compliant video calling, consider platforms that sign a BAA and are purpose-built for healthcare telehealth: Zoom for Healthcare (with the BAA enabled), Microsoft Teams with a healthcare BAA, or dedicated telehealth platforms such as Doxy.me, Updox, or Teladoc.

Frequently asked questions

Is FaceTime HIPAA compliant? No. FaceTime is not HIPAA compliant. Apple does not sign a Business Associate Agreement (BAA) for FaceTime, which means it cannot be legally used to transmit or discuss protected health information (PHI) in a healthcare context.

Can doctors use FaceTime for telehealth? Doctors should not use FaceTime for telehealth visits that involve PHI. Without a signed BAA from Apple, any clinical discussion over FaceTime is a potential HIPAA violation. Healthcare providers should use a telehealth platform that signs a BAA.

Does Apple offer a HIPAA BAA for FaceTime? No. Apple does not offer a HIPAA BAA for FaceTime. Apple does not position FaceTime as a healthcare product and has not published HIPAA compliance documentation for the service.

What video platform is HIPAA compliant? HIPAA-compliant video platforms include Zoom for Healthcare (with BAA), Doxy.me, Microsoft Teams (healthcare BAA), and Google Meet (via Google Workspace BAA). Each of these will sign a BAA and includes healthcare-specific security and configuration options.