This blog post is updated regularly! Last update: 6/17/2013
Be sure to browse our Course Catalogue!
Be sure to check out this telemental health comparison guide if you are seeking HIPAA compliant platforms to deliver services: http://www.telementalhealthcomparisons.com/
And if you are seeking a course in video-counseling visit: http://onlinetherapyinstitute.com/using-videoconferencing-to-conduct-online-therapy/
First, let’s discuss Skype. Everyone wants to know- is Skype encrypted?
Yes, Skype is encrypted. But, Skype is not necessarily HIPAA compliant. For U.S. practitioners who need a HIPAA compliant solution (that means the practitioner can engage in a HIPAA Business Associate Agreement with the 3rd party and that 3rd party is also HIPAA compliant) then Skype may not be a viable alternative. One could argue though, that we don’t have a HIPAA Business Associate Agreement with AT&T or Vodafone when we use a landline for audio calls but if you are using video/chat and audio full on with clients as a mental health practitioner in the U.S. just consider the need for the HIPAA Business Associate Agreement. While Skype’s video and audio calls are not recorded and maintained on Skype’s servers, chat conversations are and that would be considered PHI.
In the news 5/20/13
Think your Skype messages get end-to-end encryption? Think again http://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again/
In the news 5/1/2013
Skype & HIPAA: The Vexing Question http://www.issuu.com/onlinetherapyinstitute/docs/tiltissue14/42
In the news 5/1/12
Skype leaking user IP addresses, TCP ports http://www.zdnet.com/blog/security/skype-leaking-user-ip-addresses-tcp-ports/11733
Skype update as of 6.10.11
Breakthrough http://www.breakthrough.com recently received a written statement from a Skype representative and with Breakthrough’s permission I am sharing this information.
Skype is not a business associate subject to HIPAA nor have we entered into any contractual arrangements with covered entities to create HIPAA compliant privacy and security obligations. Instead, Skype is merely a conduit for transporting information, much like the electronic equivalent of the US Postal Service or a private courier. Skype does not use or access the protected health information (PHI) transmitted using our software. However, Skype has implemented a variety of physical, technical and administrative safeguards (including encryption techniques) aimed at protecting the confidentiality and security of the PHI that may be transmitted using Skype’s calling and video calling products. ~ Harvey Grasty
Here’s what others have said about Skype and HIPAA (from Adventures in Telepsychiatry Blog):
Encrypted and HIPAA compliant:
Via3 also offered:
Conforming to HIPAA in the Digital Age
Top Eight Priorities to Consider When Evaluating Video Conferencing Tools
MegaMeeting.com information about security and HIPAA compliance: http://www.megameeting.com/security.html
We also recommend Counsol for therapists.
Additional HIPAA Compliant Videocounseling platforms:
Once you find a secure, encrypted and compliant platform, the next hurdle is overcoming the technology. Videoconferencing is not a state-of-the-art technology yet and some therapists as well as clients find the process disruptive. At the very least, be sure you have a familiarity with the platform you are using and prepare yourself and your client for glitches.
More about Encryption:
(information about Hushmail’s encryption process)
Principles of Information Security (NHS best practice standards in the UK)
Practical Magic (Ecrypt)
Many report FaceTime as the highest quality video conferencing application available. You can use FaceTime on your Mac computer, or on your later generation iPhone, iPod Touch or iPad. (The hand-held i-Devices DO need to have a built-in camera). You will need an apple account, which you likely have already if you’re a Mac customer and the FaceTime app, which costs 99 cents. You’ll install the app, and it should open up on your phone or comupter right away.
FaceTime calls are encrypted; and HIPAA compliant when using proper encryption http://www.zdnet.com/blog/apple/facetime-calls-are-encrypted-and-hipaa-compliant-when-using-proper-encryption/11166
Skype and HIPAA: Security Flaw Discovered http://www.techhealthperspectives.com/2012/11/15/skype-and-hipaa-security-flaw-discovered/
Is Skype HIPAA-Compliant? http://www.techhealthperspectives.com/2012/06/22/is-skype-hipaa-compliant/
Stay tuned for updates as we have them!