Avast isn’t a recommended tool for PHI because the service is unclear about HIPAA compliance. Also, Avast won’t sign a BAA.
Avast offers free antivirus software that isn’t HIPAA compliant. Other service plans, such as Virtual Mobile Platform (VMP), might meet certain HIPAA requirements.
Avast offers security features that seem to comply with specific HIPAA regulations. But the only mention of HIPAA on their website is in a press release about Virtual Mobile Platform (VMP). Avast VMP allows users to share photos and medical images securely, without storing the data on a personal device. Also, all IM messages and phone calls are encrypted, which may fit HIPAA requirements.
There is no mention of HIPAA on the VMP web page or the Avast website. Because Avast won’t sign a BAA, it’s best for covered entities to use another service for protected health information.