Are Zoom, Facetime, and Google Hangouts Secure for Telehealth?

When the Centers for Medicare & Medicaid Services (CMS) relaxed telehealth laws and the Office of Civil Rights (OCR) announced leniency on non HIPAA-compliant penalties for the COVID19 emergency, health practitioners scrambled to transition to online telehealth.

Now, those looking to uphold the same level of safety and security for their patients as they achieve in person are becoming increasingly concerned about privacy and protection, and what happens to the information exchanged during sessions.

In this release, OCR warns that public facing platforms like Facebook Live, Twitch, and TikTok should not be used, but goes on to say:

"Under this Notice, covered health care providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules related to the good faith provision of telehealth during the COVID-19 nationwide public health emergency.  Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications."

Although many providers have jumped onto these mainstream platforms to conduct their sessions, but now the FBI warns of a sharp rise in cyber crimes like call hi-jacking and “Zoom-bombing”. Zoom bombing, or “zoom raiding” is a disruptive unwelcome intrusion into a video conference call by an individual, and it’s happening nationwide across all different types of video conferencing sessions, including dissertations, twelve step meetings, school “classrooms”, newspaper video conferences, during bible study, and more.

Platforms with end-to-end encryption tout the secure video features of their products, but secure video doesn’t mean HIPAA-compliant or completely safe telehealth sessions.

The video component of Google Hangouts and Apple’s FaceTime don’t cover all aspects of HIPAA laws, such as a business associate agreement (BAA). A business associate agreement is extremely important because it guarantees what is happening with the information exchanged during a call. In the absence of a BAA, there is no guarantee hackers and video conferencing companies aren’t selling or using patient data from unsecured video conferencing sessions or even where the data is being routed!

VTConnect was created for the sole purpose of giving our telehealth practitioners and their patients a safe, secure, trustworthy place to connect.

Here are a few ways VTConnect guarantees you and your clients a secure telehealth experience: 

  • End-to-end encryption for all data transmission and storage
  • Proprietary telehealth application with tight controls over security and HIPAA compliance built in
  • Password protected secure telehealth care rooms
  • Restricted access to secure telehealth care rooms - only practitioners and their associated clients can connect
  • Comprehensive security protocols built in to protect all patient PHI (Protected Health Information)
  • All servers maintained in a secure facility with HIPAA compliant procedures
  • Routine automatic backups and periodic manual backups that comply with HIPAA guidelines for data storage and security
  • Processes for monitoring and auditing our network to insure HIPAA security
  • Signed Business Associates Agreement (BAA) with all customers

To support our community during the COVID-19 Pandemic, we are offering new customers of any size your first month FREE. Click HERE learn more.

Now is the time to join a safe, secure, and sustainable telehealth solution!