Tag Archives: HIPAA

There’s more to HIPAA than encryption: Choosing the right VTC platform

thhbp4If you are a regular reader of this blog, you already understand the amazing opportunities telemedicine presents to the modern day medical facility. You also know that the environment for implementing telemedicine is better than ever given changes in the way that telemedicine services are now being categorized. Given all this, you may be primed to implement a telemedicine system in your facility to start to take advantage of these trends.

On the surface, implementation looks fairly intuitive. You invest in some PC hardware, monitors, HD cameras, and quality microphone equipment. You dedicate space in your facility for practitioners to be able to sit and converse with patients. Finally you go about the task of determining which hardware and software platform to use for video teleconferencing.

Here is where things get very confusing.

How do you determine which platforms are actually compliant and assure that the combination of hardware and software you have put in place do not create liability for your organization?

There is a temptation to standardize on a platform already familiar to the patient base as a whole. Given that temptation, solutions like GoToMeeting, Skype, and even FaceTime may initially look attractive. In fact, all of these platforms claim to meet HIPAA compliance in one way or another. They all claim 128 bit AES encryption to protect data to support their cases. However HIPAA requires more than just encryption of the data as it flows through the web.

Anything that is stored in a server is also applicable to HIPAA encryption, and although video is not saved and stored in most cases by these types of providers, things like chat sessions are, and these services do not store those in a HIPAA compliant manner.

There are also requirements for HIPAA Business Associate Agreements between companies, auditing tools to assure compliance, emergency notifications, and encryption of stored data as well, that is suspect at best in these platforms.

Skype has gone so far as to claim that they donot need to be a vehicle that enables compliance  just like your cell phone provider and the postal mail service are not.”

So if they are not the compliance vehicle, who is? Where does the liability lie if a breach happens? Some believe it then lies then on the healthcare provider.

“Since it is relatively easy to choose a Safeguard that allows you to be more fully compliant with HIPAA when video conferencing, it would be neglectful to instead use Skype for this purpose…you must be able to justify your decision in your internal HIPAA compliance reviews and be prepared to answer pointed questions from auditors, should the need arise.”

The bottom line is that better options exist that are fully compliant and that mitigate the liability of non-compliance with HIPAA. These solutions may utilize more reliable encryption methods through dedicated hardware that also enables audits and emergency notifications. These companies also offer the Business Associate Agreements required as well.

Of course, as with any innovative hardware technology solution, working with a trusted partner who is well versed in both the hardware and the specifics of HIPAA compliance is invaluable as well.

Avidex AV is revolutionizing the way healthcare facilities and doctors are delivering care. Their 20 years of experience is being leveraged to drive down the cost of care while promoting positive healthcare outcomes. Is your organization looking for a new kind of technology partner? Connect with one of our Account Executives today to learn more.


#1: http://www.telehealthtechnology.org/sites/default/files/documents/HIPAA%20for%20TRCs%202014.pdf

#2: http://www.zdnet.com/article/facetime-calls-are-encrypted-and-hipaa-compliant-when-using-proper-encryption/

#3: http://l1.osdimg.com/online/dam/pdf/en/resources/wp/GoToMeeting-HIPAA-Compliance-Guide-brief.pdf

#4: http://onlinetherapyinstitute.com/2011/03/01/videoconferencing-secure-encrypted-hipaa-compliant/

#5: https://luxsci.com/blog/is-skype-hipaa-compliant-if-not-what-is.html

#6: http://telehealth.org/video/

Bob Higginbotham

About Bob Higginbotham

Bob Higginbotham, CTS-I, CTS-D, is the Avidex National Manager of Healthcare AV. Bob has spent his 30 year career in leadership positions in the AV industry including extensive design and build work in healthcare facilities. He owned and operated a successful AV business in Texas with multiple offices in several cities where he managed a staff of over 100 employees. Bob has served as a technical consultant for a major AV manufacturer, led the technical sales team for a national video conferencing provider and provided technology auditing services for several private education facilities. He has a unique working knowledge of audiovisual technology as well as multiple certifications in audio engineering, acoustics, AV design, CQT system commissioning and video transmission systems. Bob holds a BA in communications and has recently served as board chair for a large private school. He brings his years of technical knowledge and leadership experience to Avidex where he leads the national healthcare AV team. Contact Bob at bobh@avidexav.com