It may be very tempting as a healthcare provider to simply connect with a patient for a video teleconference utilizing the popular social media platforms like Google Hangouts, Skype and Facetime, but if you do so, you are risking HIPAA compliance. Yes, these platforms provide high quality audio/video and chat capabilities free of charge, but these platforms were created to be general purpose communication tools and were not built specifically for secure use by healthcare providers. When utilizing video-teleconferencing with patients, the technology provider is being given access to electronic protected health information (e-PHI) which falls under the HIPAA security rule, and thus must be safeguarded. To insure HIPAA compliance, you must enter into a Business Associates Agreement (BAA) with any technology provider that has access to any e-PHI. This BAA is your protection that the technology provider has incorporated the HIPAA required safeguards, and if a breach occurs the liability burden for the provider should be mitigated. In addition to simply signing a BAA, technology providers transmitting e-PHI must also incorporate certain safeguards such as access controls, auditing controls, and breach reporting to truly deliver a HIPAA compliant solution. So, although the social media platforms may seem like an easy way to connect, ask yourself if it is truly worth the risk when there is a telehealth option like VTConnect that was built from the ground up as a HIPAA compliant solution for healthcare providers.
For more information on the HIPAA security rule – visit https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/
Submitted by: Jennifer Arute Jones, MBA