HIPAA Compliant Telehealth Using Your Apple TV


As more providers turn to telehealth, they are looking to new technologies. Since many providers weren’t previously offering telehealth services, they have opted for an easy solution: using their iPhones to conduct sessions. The downside to using any mobile phone for telehealth is that iPhone screens are relatively small, making them difficult to use for an extended period of time. The visual and emotional strain of connecting with, understanding, and working with a clinical population on such a limited screen can quickly lead to Zoom fatigue and burnout. See Zoom Fatigue: What You Can Do About It.

As discussed in Should I Use My iPhone for Telehealth?, tools such as Apple AirPlay allow iPhone users to “mirror” their screen so that they can view their phone screen on a larger TV screen. However, before using any technology, healthcare providers must ensure that its use is HIPAA compliant. HIPAA compliant telehealth and Apple AirPlay are discussed below.

HIPAA Compliant Telehealth: Apple TV Security Configurations

To use Apple AirPlay, users need to purchase an Apple TV. An Apple TV is a relatively inexpensive device that connects to a user’s regular TV via an HDMI cable. With an Apple TV, iPhone users can project (“mirror”) their phone screen onto their TV screen. To use the AirPlay feature, users must connect their Apple TV and iPhone to the same Wi-Fi network.


To prevent unauthorized users from accessing AirPlay, users need to enable certain security settings within the Apple TV device. The following security configurations can be enabled for an Apple TV using tvOS 11 or later.

  • Choose who can AirPlay to the Apple TV

Go to Settings > AirPlay. There are several options listed for how to choose who connects to Apple TV. These include Everyone, Anyone on the Same Network, Only People Sharing This Home, or Require Password. For HIPAA compliant telehealth, users should select the Require Password option.

  • Security type

Under AirPlay > Security > Require Code, users can select when a password is required. The options include None, Passcode Once, Passcode Always, and Password. For HIPAA compliant telehealth, users should select Password or Passcode Always.

  • Set password

To set a password, select Settings > AirPlay > Set Password. Passwords should use a combination of uppercase and lowercase letters, numbers, and symbols for increased security.

  • AirPlay codes

In addition to a password, users can also implement AirPlay codes. With AirPlay codes enabled, a randomly generated 4-digit code is displayed on the TV screen that the Apple TV is connected to. To use AirPlay, users have to enter the code shown on the TV screen into their iPhone. To enable this setting, select Settings > AirPlay > Onscreen Code.

HIPAA Conduit Rule and Business Associate Agreements

Apple has stated that it will not sign a business associate agreement (BAA) with its healthcare clients. Generally, service providers are required to sign BAAs with their covered entity clients. However, there is an exception to this requirement. The HIPAA Conduit Exception Rule applies to service providers that cannot be considered business associates because they don’t have any way of accessing or storing electronic protected health information (ePHI) transmitted through their platform.

The Department of Health and Human Services states:

We do not require a covered entity to enter into a business associate contract with a person or organization that acts merely as a conduit for protected health information. A conduit transports information but does not access it other than on a random or infrequent basis as may be necessary for the performance of the transportation service, or as required by law. Since no disclosure is intended by the covered entity and the probability of exposure of any particular protected health information to a conduit is very small, we do not consider a conduit to be a business associate of the covered entity.

As AirPlay does not access ePHI, Apple is considered a conduit in this case, and therefore can be used for HIPAA compliant telehealth without the need for a BAA. 

HIPAA Resources

Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!

Your TBHI Professional Training Options

TBHI specializes in teaching you how to relax when delivering telehealth. It offers you a step-by-step learning path of online training that helps you be legally and ethically compliant, clinically proficient, and able to handle even the most difficult of clinical scenarios. Take advantage of COVID discount pricing to learn how to sit back and enjoy your telehealth experiences, rather than struggling with Zoom fatigue and clinical uncertainty. All courses are evidence-based, available 24/7 through any device, and most count toward legal and ethical requirements for licensure. Two micro certifications are also available.

    1. Telehealth Group Therapy  — Exciting, highly interactive telehealth learning experience designed to get answers to your questions about legally and ethically managing telehealth group therapy. Digital class will allow you to connect with colleagues ahead of time to ask questions and share answers. Distinguished faculty will lead you through telehealth group therapy theory and exercises.
    2. Telehealth Clinical Best Practices Workshop — Live, interactive webinar, w/ 4 CME or CE hours to discuss preventing and handling complex clinical issues.
    3. Course Catalog
    4. Micro Certifications to give you a broader range of legal and ethical grounding, and allow you to distinguish yourself as a TBHI-credentialed professional on your websites, in social media, directories and other areas.
