Slack, through its enterprise-level product plans, is able to offer Covered Entities and Business Associates a way to use Slack services (the “Services”) in a manner consistent with their compliance obligations. Customers that are subject to the Health Insurance Portability and Accountability Act (“HIPAA”) and intend to transmit, upload, or communicate about protected health information (“PHI”) through the Services must sign a Business Associate Agreement (“BAA”) with Slack and use the Services in accordance with the Requirements Section of this Guide for HIPAA Entities (“Guide”), which are also incorporated in the Salesforce BAA Restrictions Article. For clarity, Slack is an Affiliate of Salesforce, and references to "Salesforce" that may be in Customer’s contract or BAA include Slack.
In addition to the Requirements for entering PHI through the Services, this Guide contains important configuration considerations. Please read this entire document and ensure that the limitations conform with your intended use of the Services. You must ensure that your Workforce members (as defined by HIPAA) are familiar with these requirements and limitations before provisioning access to them.
We may update or revise this Guide from time to time. We will provide you with notice of material changes and an updated copy through your owner or administrator. For more information about your company’s BAA or this Guide, please contact your Slack sales representative. Capitalized terms not defined in this Guide have the meanings given to them in HIPAA.