Skype is owned by Microsoft and is part of Office 365. Microsoft does offer a Business Associate Agreement (BAA) for Office 365 which technically covers Skype for Business (but not regular Skype).
However, Skype lacks many controls and features that are actually required for an organization to be HIPAA-compliant, such as access auditing, backups, and breach reporting. This makes it unclear what the usefulness of its being "covered" under Microsoft's BAA really is. Microsoft is really just leaving it up you to determine if the use of Skype is appropriate without taking any steps to ensure that use of Skype really meets all of HIPAA's requirements. Additionally, even though Skype is covered under Microsoft's BAA, the regular, free Skype used by most people is not covered. So, for example, a doctor should under no circumstances have a session with a patient, where that patient is using the regular free Skype program. This patient must use the web browser-based business Skype interface in order to be covered.
LuxSci's SecureVideo service was built to be HIPAA compliant and in fact provides better video quality in one-on-one video calls and in group video teleconferencing. LuxSci SecureVideo:
When considering if Skype can be used in a HIPAA-compliant manner, there are many relevant items to consider:
These items taken together mean that:
The problem is that this argument doesn't really hold water very well:
The Safeguards principle means that if you can reasonably apply measures to ensure privacy, you should absolutely do so. With analog FAX, that is hard to do in a way that is generally compatible with everyone else. Since use of FAX may be required and there may be no really feasible way to send them securely, you might choose not to -- as long as you take all other reasonable measures to ensure privacy. This is a risk-benefit analysis you must perform and on which you must make your compliance business decisions.
For a secure, HIPAA-compliant chat solution, you must look to a vendor that offers this service and provides a Business Associate Agreement and all of the appropriate security controls specified by HIPAA. Skype does not pass muster. Regular text messages (SMS and MMS) certainly do not.
One good solution is SecureChat by LuxSci, as it is HIPAA-compliant, simple, has easy-to-use iOS and Android apps, works in a web browser, and stores all of your chats and attachments permanently and without storage limits.
With video conferencing, the situation is somewhat different:
Since it is relatively easy to choose a Safeguard that allows you to be more fully compliant with HIPAA when video conferencing, it would be neglectful to instead use Skype for this purpose.
It does come down to the individual organization weighing the risks. If you choose to use Skype and accept the risk-benefit analysis, that is up to you, but you must be able to justify your decision in your internal HIPAA compliance reviews and be prepared to answer pointed questions from auditors, should the need arise.
There are many organizations that offer video conferencing and which claim HIPAA compliance and/or which offer Business Associate Agreements.
LuxSci's SecureVideo is one option which provides a BAA and a service specifically designed to meet the HIPAA-compliance requirements for telehealth.
New accounts ready in 1 hour*
Account term is month-to-month
Free 30-minute training call included
*for non-dedicated-server orders placed between 9am and 10pm Eastern Time, USA. Provisioning can be delayed due to issues validating orders.
I wanted to congratulate you on your service; the reduction in Spam is incredible, and the speed of delivery is stunning. I am recommending you to all of my friends and associates! You can quote me on that!"
I am extremely satisfied with your security features and with the extent of knowledge of your support staff. You provide a solid, reliable service and also manage to continue to add more thoughtful features -- all at a reasonable price."
Every time I needed support with LuxSci's Secure Email solution the technical staff at LuxSci found the solution very quickly. They always get to work on a ticket immediately. They always give a status update in the ticket system which also notifies via email. Opening and updating a support ticket is very easy. We are very pleased with the Secure Email product and the support team."
We use your High Volume SMTP service for our automated invoicing and purchase confirmations, so it is a critical part of our business. Your bulk SMTP has been the most reliable and cost effective I have used. The technical and sales support have been timely, efficient, and effective. I highly recommend."
You are exceeding expectations. I have been very impressed with your organization. From sales and billing to tech support, everyone has been very responsive and knowledgeable. Most problems are resolved during the first contact. Thank you for your dedication to service and excellence. I will be recommending you without hesitation."