
As more providers turn to telehealth, they are looking to new technologies. Since many providers weren’t previously offering telehealth services, they have opted for an easy solution: using their iPhones to conduct sessions. The downside to using any mobile phone for telehealth is that iPhone screens are relatively small, making them difficult to use for an extended period of time. The visual and emotional strain of connecting with, understanding, and working with a clinical population on such a limited screen can quickly lead to Zoom fatigue and burnout. See Zoom Fatigue: What You Can Do About It.

As discussed in Should I Use My iPhone for Telehealth?, tools such as Apple AirPlay allow iPhone users to “mirror” their screen so that they can view their phone screen on a larger TV screen. However, before using any technology, healthcare providers must ensure that its use is HIPAA compliant. HIPAA compliant telehealth and Apple AirPlay are discussed below.

HIPAA Compliant Telehealth: Apple TV Security Configurations

To use Apple AirPlay, users need to purchase an Apple TV. An Apple TV is a relatively inexpensive device that connects to a user’s regular TV via an HDMI cable. With an Apple TV, iPhone users can project their phone screen (“mirror”) onto their TV screen. To be able to use the AirPlay feature, users must connect their Apple TV and iPhone to the same Wi-Fi network.
To prevent unauthorized users from accessing AirPlay, users need to enable certain security settings within the Apple TV device. The following security configurations can be enabled for an Apple TV using tvOS 11 or later.

  • Choose who can AirPlay to the Apple TV

Go to Settings > AirPlay. There are several options listed for how to choose who connects to Apple TV. These include Everyone, Anyone on the Same Network, Only People Sharing This Home, or Require Password. For HIPAA compliant telehealth, users should select the Require Password option.

  • Security type

Under AirPlay > Security > Require Code, users can select when a password is required. The options include None, Passcode Once, Passcode Always, and Password. For HIPAA compliant telehealth, users should select Password or Passcode Always.

  • Set password

To set a password, select Settings > AirPlay > Set Password. Passwords should use a combination of uppercase, lowercase, numbers, and symbols for increased security.

  • AirPlay codes

In addition to a password, users can also implement AirPlay codes. With this setting, a randomly generated 4 digit code appears on the TV screen that the Apple TV is connected to. To be able to use AirPlay, users have to enter on their iPhone the code shown on the TV screen. To enable this setting, select Settings > AirPlay > Onscreen Code.

HIPAA Conduit Rule and Business Associate Agreements

Apple has stated that it will not sign a business associate agreement (BAA) with its healthcare clients. Generally, service providers are required to sign BAAs with their covered entity clients. However, there is an exception to this requirement. The HIPAA Conduit Exception Rule applies to service providers that cannot be considered business associates since they don’t have any way of accessing or storing electronic protected health information (ePHI) transmitted through their platform.
The Department of Health and Human Services states:

We do not require a covered entity to enter into a business associate contract with a person or organization that acts merely as a conduit for protected health information. A conduit transports information but does not access it other than on a random or infrequent basis as may be necessary for the performance of the transportation service, or as required by law. Since no disclosure is intended by the covered entity and the probability of exposure of any particular protected health information to a conduit is very small, we do not consider a conduit to be a business associate of the covered entity.

Because AirPlay does not access ePHI, Apple is considered a conduit in this case, and AirPlay can therefore be used for HIPAA compliant telehealth without the need for a BAA.
