hipaa compliant video conferencing, hipaa compliant video

HIPAA Compliant Video Conferencing: Requirements after COVID


August 24, 2020 | Reading Time: 3 Minutes

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Although the Department of Health and Human Services (HHS) has extended the public health emergency until October, telehealth providers need to look at what’s next. Once the public health emergency is lifted, providers wishing to continue to offer telehealth sessions must ensure that the video platform they use is HIPAA compliant. HIPAA-compliant Video conferencing is discussed below.

What is Required for HIPAA Compliant Video Conferencing?

There are certain requirements that any software must have to be considered HIPAA compliant. The following are security features that HIPAA compliant video conferencing has in place:

  • Although not specifically mandated by HIPAA, encryption is the most secure means for protecting sensitive data. HIPAA identifies encryption as an “addressable” security measure, allowing an equally secure method of protecting data to be implemented if encryption is not “reasonably appropriate” for an organization. Encryption prevents unauthorized access to protected health information (PHI), as data can only be read with a decryption key.
  • Access Controls: To ensure that individuals only have access to the PHI they need to perform their jobs, access controls must be a feature of the video chat tool. Access controls designate different levels of access to PHI based on an employee’s job function.
  • Audit Controls: To ensure that PHI is not accessed without a specific purpose, audit controls track access to PHI. Keeping an audit log of access to PHI allows organizations to establish regular access patterns for their employees so that unauthorized access can be quickly detected.

However, even if a tool has all of the required security measures in place, if they are unwilling or unable to sign a business associate agreement, they cannot be used in conjunction with PHI — although this has been overlooked for telehealth provided in “good faith” during the public health emergency.

In addition, software compliance comes down to the individual user. To ensure that video conferencing tools are used in a HIPAA-compliant manner, it is essential to train employees on the proper use of the platform.

What Are HIPAA Compliant Video ConferencingTools?

There are several popular HIPAA-compliant video conferencing tools for providers to choose from. Each of these tools has the security features required by HIPAA and are willing to sign a business associate agreement. While each is HIPAA compliant, they include different features that facilitate patient management.

PsyBooks. PSYBooks is two applications in one – an EHR for your practice management tasks and a Portal for secure, HIPAA-compliant communications with your clients. It provides the following: Video telehealth that is far beyond HIPAA compliant. All of your client records are in one place, which you can access anywhere; all tools are integrated. You enter data ONCE, and all tools automatically update; nothing to download or install – sign up and start using it, customizable appointment reminders, and HIPAA compliant email that goes beyond the standards.

Zoom for Healthcare. Zoom for Healthcare is a paid version of Zoom; Zoom’s free version is not HIPAA compliant. Zoom has the ability to integrate with some medical devices, as well as electronic health records (EHRs). Other features offered include HD video and audio, mute/unmute tool, chat messenger tool, in-app file sharing, transcripts of recordings, whiteboard tool, and patient waiting room.

GoToMeeting. GoToMeeting is the only HIPAA-compliant video conferencing tool that offers users three subscription levels to choose from. Its basic version allows 150 users to connect to one video session (more than any other platform). More features include HD audio and video, meeting locks, an unlimited number of meetings, screen sharing, in-app file sharing, chat messaging, in-app note-taking, and no time limit on meetings.

Doxy.me. Doxy.me is unique in that not only is it HIPAA compliant, it is also GDPR, PIPEDA, PHIPA, and HITECH compliant. It is also the only tool with a HIPAA-compliant free version. Their waiting room feature allows patients to check in virtually and allows providers to include images, videos, and inspirational quotes within the waiting room. Other features include HD audio/video, chat messenger, unlimited session length, unlimited number of sessions, personalized room URL address, meeting history, browser notifications, text and email reminders, and breach insurance.

SecureVideo. One of the most established and respected telehealth platforms, SecureVideo’s reliability and wide range of features are notable. No contracts. Plans can be immediately canceled from the website at any time.

Thera-Link. Thera-link was designed specifically for mental health professionals. This platform allows providers to take virtual notes while in session with patients and lock notes so that they cannot be altered. Thera-Link also has a feature that allows patients to find providers through an online directory tool and send patients automated appointment reminders. Other features of the HIPAA compliant video conferencing tool include virtual patient waiting rooms, client self-scheduling, screen sharing, mute/unmute buttons, in-session chat messenger, and secure file sharing.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Evidence-Based & Practical Telesupervision Digital Workshop

Looking for evidence-based TELESUPERVISION training? TBHI brings you “do’s and don’ts” to keep you legal & ethical.

Telehealth Video & Telephone Best Practices

Delivering telephone or video telehealth without formal professional training? Learn how to make telehealth easy, fun, legal & ethically compliant!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Was this article helpful?

Please share your thoughts in the comment box below.

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
Gail R. Walker
Gail R. Walker
3 years ago

What do you think of BlueJeans video platform?

Marlene Maheu, Ph. D.
Marlene Maheu, Ph. D.
3 years ago
Reply to  Gail R. Walker

I personally know of some professionals who use the platform you mentioned and are quite happy with it. Your needs may be different from theirs, though. The selection of any platform should start with an outline of what you need the platform to do. We have a handout that may be of use to you in making such a decision. You will find it here, and it is called, 30 Questions to Ask Your Video Vendor.

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...