Although the Department of Health and Human Services (HHS) has extended the public health emergency until October, telehealth providers need to look at what’s next. Once the public health emergency is lifted, providers wishing to continue to offer telehealth sessions must ensure that the video platform they use is HIPAA compliant. HIPAA-compliant Video conferencing is discussed below.
What is Required for HIPAA Compliant Video Conferencing?
There are certain requirements that any software must have to be considered HIPAA compliant. The following are security features that HIPAA compliant video conferencing has in place:
- Although not specifically mandated by HIPAA, encryption is the most secure means for protecting sensitive data. HIPAA identifies encryption as an “addressable” security measure, allowing an equally secure method of protecting data to be implemented if encryption is not “reasonably appropriate” for an organization. Encryption prevents unauthorized access to protected health information (PHI), as data can only be read with a decryption key.
- Access Controls: To ensure that individuals only have access to the PHI they need to perform their jobs, access controls must be a feature of the video chat tool. Access controls designate different levels of access to PHI based on an employee’s job function.
- Audit Controls: To ensure that PHI is not accessed without a specific purpose, audit controls track access to PHI. Keeping an audit log of access to PHI allows organizations to establish regular access patterns for their employees so that unauthorized access can be quickly detected.
However, even if a tool has all of the required security measures in place, if they are unwilling or unable to sign a business associate agreement, they cannot be used in conjunction with PHI — although this has been overlooked for telehealth provided in “good faith” during the public health emergency.
In addition, software compliance comes down to the individual user. To ensure that video conferencing tools are used in a HIPAA-compliant manner, it is essential to train employees on the proper use of the platform.
What Are HIPAA Compliant Video ConferencingTools?
There are several popular HIPAA-compliant video conferencing tools for providers to choose from. Each of these tools has the security features required by HIPAA and are willing to sign a business associate agreement. While each is HIPAA compliant, they include different features that facilitate patient management.
- PsyBooks. PSYBooks is two applications in one – an EHR for your practice management tasks and a Portal for secure, HIPAA-compliant communications with your clients. It provides the following: Video telehealth that is far beyond HIPAA compliant. All of your client records are in one place, which you can access anywhere; all tools are integrated. You enter data ONCE, and all tools automatically update; nothing to download or install – sign up and start using it, customizable appointment reminders, and HIPAA compliant email that goes beyond the standards.
- Zoom for Healthcare. Zoom for Healthcare is a paid version of Zoom; Zoom’s free version is not HIPAA compliant. Zoom has the ability to integrate with some medical devices, as well as electronic health records (EHRs). Other features offered include HD video and audio, mute/unmute tool, chat messenger tool, in-app file sharing, transcripts of recordings, whiteboard tool, and patient waiting room.
- GoToMeeting. GoToMeeting is the only HIPAA-compliant video conferencing tool that offers users three subscription levels to choose from. Its basic version allows 150 users to connect to one video session (more than any other platform). More features include HD audio and video, meeting locks, an unlimited number of meetings, screen sharing, in-app file sharing, chat messaging, in-app note-taking, and no time limit on meetings.
- Doxy.me. Doxy.me is unique in that not only is it HIPAA compliant, it is also GDPR, PIPEDA, PHIPA, and HITECH compliant. It is also the only tool with a HIPAA-compliant free version. Their waiting room feature allows patients to check in virtually and allows providers to include images, videos, and inspirational quotes within the waiting room. Other features include HD audio/video, chat messenger, unlimited session length, unlimited number of sessions, personalized room URL address, meeting history, browser notifications, text and email reminders, and breach insurance.
- SecureVideo. One of the most established and respected telehealth platforms, SecureVideo’s reliability and wide range of features are notable. No contracts. Plans can be immediately canceled from the website at any time.
- Thera-Link. Thera-link was designed specifically for mental health professionals. This platform allows providers to take virtual notes while in session with patients and lock notes so that they cannot be altered. Thera-Link also has a feature that allows patients to find providers through an online directory tool and send patients automated appointment reminders. Other features of the HIPAA compliant video conferencing tool include virtual patient waiting rooms, client self-scheduling, screen sharing, mute/unmute buttons, in-session chat messenger, and secure file sharing.
What Are Your Thoughts?
Please leave your comments below.