Can the Top Video Conferencing Platforms be HIPAA Compliant?
Just a year ago, the telehealth industry looked drastically different than it does today. Breakthroughs in the industry have allowed healthcare companies of all kinds to keep interacting with patients in our current atmosphere. This technology has been invaluable as we have navigated a full year of a global health crisis.
However, we also know that a greater reliance on electronic operations within healthcare opens organizations up to more risk of hacking, employee mishandling of PHI, or unencrypted information being shared due to the high value of information that they hold. As companies decide what the best platform is for offering telehealth services they may find themselves wondering - which of the main video conferencing services can also be HIPAA compliant?
HIPAA Compliance Reminders:
Before we dive into the specifics of these eight video conferencing software options, first we should remind you what exactly it means for one of these companies to be HIPAA compliant. In order for one of the following software to meet the requirements to work with a HIPAA compliant company, they would need to:
- Have internally met all of the requirements of HIPAA
- Including but not limited to end-to-end encryption, controlled access into meetings, and other steps towards keeping PHI secure.
- Offers to sign a Business Associate Agreement (BAA) with you in order to guarantee that if they are responsible for a breach in the PHI that your organization creates, holds, or transmits, then they accept the liability for that.
We are going to discuss all of the top platforms for video communication & see how those measure up against the requirements of HIPAA. Here we go!
Zoom is the premier teleconferencing application currently on the market. They are the top customer-rated application with a strong product to back that up. Zoom’s application includes HD meetings, workspaces, a cloud-based phone system, as well as full integration with many of the apps your business is currently using. Zoom is offered on many different plan options, starting from the free version that anyone can use for calls under 40 minutes long. The paid plans can support up to 1,000 users at once and have been frequently used for remote work, company meetings, distance learning in grade school and universities, and virtual social gatherings. Over the past year, due to the COVID-19 health crisis, Zoom has grown drastically in demand, becoming the 5th most downloaded app in the world in 2020.
Zoom & HIPAA Compliance:
Zoom offers a special version of their platform, Zoom for Healthcare, that features both a HIPAA and HITECH-compliant solution to video conferencing for medical providers. They have already partnered with many large hospital systems and can be utilized by any company that needs a HIPAA-compliant teleconferencing application. The upgraded account for a healthcare organization is certainly more expensive than the traditional Zoom account, however, you can be sure that they are complying with HIPAA and will sign a BAA with you. More information can be found on their Zoom for Healthcare description page.
BlueJeans by Verizon is a premium cloud-based video conferencing service that allows participants to communicate with others regardless of either’s location. BlueJeans offers free trials and free attendance of meetings for those invited, however, the host of each meeting must be a paying BlueJeans member. Given today’s climate, this is advantageous for providers who need the option to communicate with their patients whether they are in their hospital bed, at home, or dialing in from a satellite location using a video-enabled device like a laptop, tablet, or mobile phone. BlueJeans is also able to integrate with many messaging, productivity, and scheduling tools that you may already use.
BlueJeans and HIPAA Compliance:
In addition to its benefits as a video conferencing for the general population, BlueJeans can be a part of your company’s compliance solution because they do not record or store any information that is transmitted through their platform. They simply encrypt the data and transmit it along through a controlled and secure HIPAA compliant infrastructure. BlueJeans sets randomized entry codes, participant passwords, and individual app sharing rather than full screen. All of these details, and more, make BlueJeans a great option for healthcare providers to use to maintain a high quality of care while offering telehealth. Most importantly, BlueJeans is equipped and ready to enter into a business associate agreement with their HIPAA-compliant partners, read more about that here.
Microsoft Teams is a communication platform that was created by Microsoft to offer videoconferencing, workplace chat rooms (similar to Slack), app integration, file storage, and more. With the addition of Teams, the Microsoft 365 family is now able to offer companies the ability to host virtual conversations through call, text, webinars, or video conferencing. They provide these services directly through their Teams application that is available on all devices. With the ability to use multiple accounts, users can easily pivot between personal and business accounts to keep all areas of life organized and connected.
Microsoft Teams & HIPAA Compliance:
Microsoft is a major player in providing companies a HIPAA compliant cloud-hosting solution through Azure and is now taking the plunge into a HIPAA compliant communication application. Teams has incorporated single sign-on, two-factor authentication, access control, end-to-end encryption, and more. That answers the question of whether they independently HIPAA compliant. Luckily, they are also prepared to sign BAAs with all covered entities that they work with. This means that all in all, Microsoft Teams is a great choice for telehealth appointments. For more information on this can be found on Microsoft’s whitepaper about their HIPAA compliance: here.
Google Meet, or simply Meet, is an all-in-one communications hub that enables text, voice, or video chats that can be used one-on-one or in a group setting. Google Meet is the enterprise package version of Google Hangouts which can be found as a part of Google Workspace, formerly known as G Suite. Just as with the free version, Meet is fully integrable with many of Google’s other products and services with an extension for easy onboarding. Google Meet can be a valuable part of your company’s compliance solution, especially if you are utilizing other Google services. Meet can be used in groups of up to 250 people and can even live stream to over 100,000 people.
Google Meet & HIPAA Compliance:
Aside from being a great communication research tool that is used among many different companies, Google Meet is also a tool that can be used by healthcare professionals due to their willingness to be HIPAA compliant. However, there is a key thing to note with Google’s HIPAA compliance through their Meet product - their compliance and responsibility to it ONLY cover the chat messaging feature and not the audio or video chatting features. They are willing to sign a BAA in reference to the chat feature. If you are looking to utilize the many features of a communications platform in order to host telehealth appointments, then Google Meet is not a good solution to use. To find more information about the aspects of Google products that HIPAA compliance and BAA’s refer to, look here.
UberConference by Diapad is a leading brand in providing a high-quality video conferencing solution for your healthcare company. Unlike other services, this platform does not require a PIN or forced download to begin a call which makes the onboarding set up seamless. Their features include screen share, Voice Intelligence, HD quality, and even custom hold music.
Uber Conference & HIPAA Compliance:
UberConference has done the necessary work to ensure that their infrastructure is HIPAA compliant and they are willing to sign a BAA with any covered entity or business associate that wants to utilize their platform. In order to find out more information about Dialpad UberConference’s compliance, read through this HIPAA Datasheet, and contact firstname.lastname@example.org in order to request a BAA with them.
FaceTime, which is Apple’s video communication platform, allows you to host or join one-on-one video calls between iPhones, iMacs, iPads, and certain other Apple products. FaceTime is a free service that is available beginning on Apple devices that support the software of iOS 4 and anything after. The product has since been updated to include group video with up to 32 people and audio-only as well. FaceTime is a versatile service in that can be operated on WiFi as well as using cellular networks if you are not connected to wireless internet. However, since this platform only functions between Apple products it can be an exclusive choice for an office to use since not all connections are guaranteed to have a compatible device.
Facetime & HIPAA Compliance:
After an exhaustive search of the Apple website, as well as reviewing other reports, it does not appear that Apple offers Business Associate Agreements to their customers. If Apple is unwilling to sign a BAA, which it seems as though they are, then they are not HIPAA Compliant. For this reason, healthcare providers should pass on this service for telehealth use in order to avoid the high risks and noncompliance that follow.
GoToMeeting is an online communications platform that allows you to host meetings and share your desktop with up to 250, or 3,000 attendees depending on the plan that you choose. This platform is known for its high level of security which can be seen through its encryption and password options. As opposed to a few of the other options that we have mentioned above, GoToMeeting has mobile apps and is compatible with Apple, PC, Android devices. This solution is equipped to be able to record pieces of video meetings where the link will be shared with the attendees so that they are able to revisit this important information when needed.
GoToMeeting & HIPAA Compliance:
Luckily for healthcare providers, all three plan options under GoToMeeting are HIPAA compliant. This is a rare advantage that organizations still have the flexibility to choose the plan that makes the most sense for them while ensuring that their patient’s PHI is entirely secure. This platform is one of the more popular video conferencing software solutions for one-on-one telehealth appointments. GoToMeeting is prepared to sign a comprehensive Business Associate Agreement with their customers while also ensuring “robust technical, organizational, and physical security safeguards and measures so you can securely transmit sensitive patient data.” More information about this can be found on their healthcare page or their HIPAA compliance PDF.