video conferencing Archives

Posts Tagged ‘video conferencing’

Is Skype HIPAA Compliant? If not, what is?

Saturday, May 9th, 2020

In recent times we have seen a huge push toward telehealth, so many are wondering, “Is Skype HIPAA compliant?” While Skype is a practical tool that many people have access to, it’s important to consider any regulatory obligations you need to meet before you use it.

If your business collects, stores, transmits or processes electronic protected health information (ePHI), then it is subject to HIPAA regulations. Organizations that process ePHI on behalf of other parties also need to stick within the rules, otherwise they may face heavy fines.

Regardless of whether your organization provides health services through video or it uses video platforms to process ePHI in any other way, it needs to make sure it is using software that abides by the regulations.

Wondering, “Is Skype HIPAA compliant?” is a good starting point, but there are several things to consider before you commit to a video conferencing service.

Do You Need a BAA to Make Skype HIPAA Compliant?

A business associates agreement (BAA) is a contract between your organization and any others that process its data. In essence, these agreements outline how ePHI will be used, what control measures will be in place, and where the responsibilities lie between the two parties.

BAAs are absolutely necessary for HIPAA compliance. Even if your organization and its partner share ePHI with every control and security mechanism imaginable, as well as following all other aspects of the regulations, it would still be violating HIPAA if a signed BAA was not in place.

If your organization is going to be sharing ePHI over a video service, then it needs to be HIPAA-compliant.* However, the only way that it can be HIPAA compliant is if a BAA is in place.

Is Only the Business Version of Skype HIPAA Compliant?

Skype comes in several different versions, but the basic, consumer oriented one is not HIPAA compliant. The only type that offers BAAs and which could be made HIPAA compliant is Skype for Business, which is one of Microsoft Office’s business communication tools. Note that “Skype for Business” is a completely different service than consumer Skype.

However, it’s also worth noting that Skype for Business is currently being phased out in favor of Microsoft Teams. If you don’t already have a supported version of Skype for Business, you should look for HIPAA-compliant alternatives instead. Support for Skype for Business Online ends in 2021, while support for Skype for Business Server will be extended until 2025.

With this in mind, it’s probably not worthwhile pursuing any version of Skype for HIPAA compliance. If you use the basic version of Skype, you will be violating the regulations, and even if you can get Microsoft to sign a Skype for Business BAA, you may have to switch your software in 2021 anyway.

HIPAA-Compliant Alternatives to Skype

Considering that Skype for Business doesn’t have much time left and that it is not even the same as “regular Skype,” your organization will be better off finding a HIPAA-compliant alternative. One option is LuxSci’s SecureVideo, which was designed specifically to make it easy to stay within the regulations.

SecureVideo was developed from the ground up with HIPAA compliance in mind, ensuring that it became a practical video calling service that made security and compliance simple. The Zoom for Healthcare-based platform is great for telemedicine and other forms of sharing ePHI.

SecureVideo includes handy features like screen-sharing, file-sharing, and virtual clinics, with a capacity of up to 100 participants. This makes LuxSci’s SecureVideo a convenient and compliant alternative to Skype.

* During the Covid-19 pandemic, HHS has waived responsibility for breaches through non-compliant video conferencing services, like Skype. So, while Skype may not be compliant, it is OK to use during the pandemic. However, as the pandemic subsides and this waiver is lifted, you should have transitioned to a service that is actually HIPAA compliant.

Tags: business associate agreement, chat, ePHI, hipaa, hipaa compliance, microsoft, phi, skype, telemedicine, video, video conferencing
Posted in Business Solutions, LuxSci Library: HIPAA
1 Comment »

Is Zoom HIPAA-Compliant?

Monday, March 30th, 2020

Zoom is an extremely popular video-conferencing platform. Many healthcare organizations may be wondering: Is Zoom HIPAA-compliant?

While it is true that HIPAA compliance requirements around telehealth were relaxed (which includes video teleconferencing) for the duration of the Covid-19 pandemic, the pandemic will eventually end. Companies that have invested time and money in accelerating their telehealth infrastructure would prefer not to have to change everything because they chose a non-compliant solution. Now compliance is “back on the table.”

If your healthcare organization processes ePHI and uses video-conferencing and calls to enable people to work from home, it must know whether Zoom is HIPAA-compliant.

What Is Zoom Video Communications?

Zoom Video Communications is a company that offers a range of different services, mainly associated with video calls, video-conferencing, and other types of online collaboration. It has become quite popular over the past few years, particularly for business use, so it may be appealing for healthcare organizations to adopt.

Do Video Call Solutions Like Zoom Need to Be HIPAA-Compliant?

Any covered entity that processes electronic protected health information (ePHI) on behalf of others needs to be aware of the HIPAA regulations and deal with the data appropriately.

HIPAA regulations apply when data is collected, stored, and transmitted by email or other technologies. This includes video calls and conferences. Perhaps this is easy to overlook because many organizations don’t store the video data from calls – but that doesn’t mean the information can’t be intercepted by attackers or accidentally leaked, both of which can have significant repercussions for victims.

If a video calling platform is not HIPAA-compliant and is poorly secured, attackers can insert themselves and either access or record calls. Cybercriminals can then use this information in various crimes, ranging from extortion to identity theft.

Organizations that violate HIPAA can meet severe penalties, including up to $50,000 for each civil violation or up to $250,000 and 10 years imprisonment for each criminal violation.

Is Zoom HIPAA-Compliant for Video Calls & Teleconferences?

The short answer is not necessarily, but Zoom HIPAA compliance is possible. The first thing that you need to know is that the standard offerings of Zoom are not HIPAA-compliant.

Why aren’t these types of Zoom HIPAA-compliant? The simple answer is that they were designed for other purposes, which means that healthcare organizations should never use Zoom for any calls that could involve ePHI.

If organizations are set on using Zoom, there is a HIPAA-compliant option – Zoom for Healthcare. However, there are strings attached. Users need to pay for licenses instead of using the free version of Zoom. In addition, organizations must sign a business associates agreement (BAA) with Zoom. This is a contract that stipulates the conditions and where responsibility lies.

If your organization does choose Zoom, it needs to make sure that it only uses its service within the confines of the BAA.

What Else Should I Know?

Choosing Zoom for Healthcare is a perfectly acceptable option for HIPAA compliance. However, one item that is often overlooked is email notifications. How are patients receiving links to video conferences? HIPAA compliance is needed for appointment reminders, and telehealth appointments are no exception. LuxSci’s Secure High Volume Email is an excellent option for sending HIPAA-compliant emails via SMTP or API. Contact us to learn more.

Tags: email reminders, HIPAA-compliant video conferencing, secure video, video conferencing, zoom
Posted in Secure Video, Telehealth
No comments »

6 Telehealth Privacy and Security Essentials

Thursday, September 21st, 2017

HIPAA covers telehealth but does this make it safe? Learn the measures that ensure patient safety and privacy while using a virtual doctor visit program.

Over the past few years, the rise of telehealth in healthcare has transformed patient-doctor interactions. Nonetheless, the privacy and security of protected health information (PHI) remain a big question. These concerns make sense because new technology often comes with new challenges.

Luckily, every problem comes with a solution. Thus, making a few smart choices can work wonders to keep the patient data protected.

Read the rest of this post »

Tags: ePHI, hipaa, HIPAA-compliant video conferencing, privacy, security, telehealth, video conferencing
Posted in LuxSci Library: HIPAA
1 Comment »

What Is HIPAA-Compliant Videoconferencing?

Monday, October 10th, 2016

HIPAA-compliant videoconferencing is a form of telecommunication used in health settings, allowing multiple parties (e.g., doctor and patient) to communicate via two-way video and audio transmissions. It provides patients with the same privacy and confidentiality that applies to in-person visits, protecting their information and giving the same care to storage and dissemination of the video as to paper documents under the Health Insurance Portability and Accountability Act (HIPAA).

hipaa-compliant videoconferencing

There are many advantages to videoconferencing with patients rather than meeting them in person. Some patients have limited mobility, making it difficult to visit a healthcare provider physically. Some patient follow-ups only require a quick conversation and don’t require a physical examination. It may also be much more convenient for many patients to have a video conversation than to travel to a doctor’s office. Another benefit is the cost savings; videoconferencing can be much cheaper than in-person visits.