GroupMe does not appear to be HIPAA compliant, as there is no publicly available indication that it offers a Business Associate Agreement (BAA) or meets HIPAA’s required safeguards.
GroupMe is a free mobile and web-based group messaging service owned by Microsoft. It provides users with the ability to send text and multimedia messages in groups or direct messages, create polls, plan events, and communicate across multiple platforms. The service is designed primarily for personal, educational, and community-based communication.
Publicly available Microsoft compliance documentation does not list GroupMe among its services that support HIPAA compliance or are eligible for inclusion in a Microsoft Business Associate Agreement. Microsoft’s HIPAA Implementation Guidance instead focuses on services like Microsoft 365 and Microsoft Teams, which can be configured to meet HIPAA requirements under certain conditions.
While GroupMe offers general security protections for its users, there is no indication on its official website or in Microsoft compliance documentation that the service includes the specific administrative, physical, and technical safeguards outlined in the HIPAA Security Rule—such as detailed audit controls, granular access management, or role-based permissions—when handling protected health information (PHI).
