Videoconferencing- secure, encrypted, HIPAA compliant

March 1st, 2011   •   2 comments   
Share

 

This blog post is updated regularly! Last update: 6/17/2013 

Be sure to browse our Course Catalogue

Be sure to check out this telemental health comparison guide if you are seeking HIPAA compliant platforms to deliver services: http://www.telementalhealthcomparisons.com/

 

And if you are seeking a course in video-counseling visit: http://onlinetherapyinstitute.com/using-videoconferencing-to-conduct-online-therapy/

.

First, let’s discuss Skype. Everyone wants to know- is Skype encrypted?

Yes, Skype is encrypted. But, Skype is not necessarily HIPAA compliant. For U.S. practitioners who need a HIPAA compliant solution (that means the practitioner can engage in a HIPAA Business Associate Agreement with the 3rd party and that 3rd party is also HIPAA compliant) then Skype may not be a viable alternative. One could argue though, that we don’t have a HIPAA Business Associate Agreement with AT&T or Vodafone when we use a landline for audio calls but if you are using video/chat and audio full on with clients as a mental health practitioner in the U.S. just consider the need for the HIPAA Business Associate Agreement. While Skype’s video and audio calls are not recorded and maintained on Skype’s servers, chat conversations are and that would be considered PHI.

In the news 5/20/13

Think your Skype messages get end-to-end encryption? Think again http://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again/

In the news 5/1/2013

Skype & HIPAA: The Vexing Question http://www.issuu.com/onlinetherapyinstitute/docs/tiltissue14/42

In the news 5/1/12

Skype leaking user IP addresses, TCP ports http://www.zdnet.com/blog/security/skype-leaking-user-ip-addresses-tcp-ports/11733

Skype update as of 6.10.11

Breakthrough http://www.breakthrough.com recently received a written statement from a Skype representative and with Breakthrough’s permission I am sharing this information.

Skype is not a business associate subject to HIPAA nor have we entered into any contractual arrangements with covered entities to create HIPAA compliant privacy and security obligations. Instead, Skype is merely a conduit for transporting information, much like the electronic equivalent of the US Postal Service or a private courier. Skype does not use or access the protected health information (PHI) transmitted using our software. However, Skype has implemented a variety of physical, technical and administrative safeguards (including encryption techniques) aimed at protecting the confidentiality and security of the PHI that may be transmitted using Skype’s calling and video calling products. ~ Harvey Grasty

Here’s what others have said about Skype and HIPAA (from Adventures in Telepsychiatry Blog):

Is Skype HIPAA-compliant?

Is Skype HIPAA-compliant?, Part II

Is Skype HIPAA-compliant?, Part III

Encrypted and HIPAA compliant:

Gotomeeting and Gotowebinar

Via3 Corporation

Via3 also offered:

Conforming to HIPAA in the Digital Age

Top Eight Priorities to Consider When Evaluating Video Conferencing Tools

MegaMeeting

MegaMeeting.com

MegaMeeting.com information about security and HIPAA compliance: http://www.megameeting.com/security.html

We also recommend Counsol for therapists.

Additional HIPAA Compliant Videocounseling platforms:

http://securevideoconference.com/

http://vsee.com/telemedicine

VSee and HIPAA Compliant Practice: A “Skype Therapy” Alternative

http://www.talktoanexpertinc.com

https://virtualtherapyconnect.com 

Once you find a secure, encrypted and compliant platform, the next hurdle is overcoming the technology. Videoconferencing is not a state-of-the-art technology yet and some therapists as well as clients find the process disruptive. At the very least, be sure you have a familiarity with the platform you are using and prepare yourself and your client for glitches.

More about Encryption:

Use a Secure and Encrypted Email Service for Online Therapy

(information about Hushmail’s encryption process)

Attn: Helping Professionals! Another Good Reason to Use Encryption!

Government Encryption Standard | Advanced Encryption Standard (AES) (US)

HIPAA Final Rule and the Conduit Exception

 

Principles of Information Security (NHS best practice standards in the UK)

Encrypting Health and Wellness Information (AMA)

Practical Magic (Ecrypt)

Encryption, audio, video, text, client records…oh my! 

FaceTime

Many report FaceTime as the highest quality video conferencing application available. You can use FaceTime on your Mac computer, or on your later generation iPhone, iPod Touch or iPad. (The hand-held i-Devices DO need to have a built-in camera). You will need an apple account, which you likely have already if you’re a Mac customer and the FaceTime app, which costs 99 cents. You’ll install the app, and it should open up on your phone or comupter right away.

FaceTime calls are encrypted; and HIPAA compliant when using proper encryption http://www.zdnet.com/blog/apple/facetime-calls-are-encrypted-and-hipaa-compliant-when-using-proper-encryption/11166

Updates 12/2012

Why Skype is Scary http://www.intouchhealth.com/blog/2012/11/why-skype-is-scary/?goback=%2Egmr_1353607%2Eamf_1353607_22863213%2Egde_1353607_member_191458068 

Skype and HIPAA: Security Flaw Discovered http://www.techhealthperspectives.com/2012/11/15/skype-and-hipaa-security-flaw-discovered/

Is Skype HIPAA-Compliant? http://www.techhealthperspectives.com/2012/06/22/is-skype-hipaa-compliant/

Stay tuned for updates as we have them!

>>>>>>>>>>>>>>>>>>

2 comments

  1. How secure is skype for practice online | Community eServices Portal says:

    [...] This article is a must read … (click here) [...]

  2. [...] Is Skype HIPAA-compliant? (Online Therapy Institute) [...]