Can you use Skype for Business for Telehealth and remain HIPAA compliant?
When it comes to compliance, like other markets, healthcare has its own standards, rules, and regulations. One such instance is the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a protective federal law that requires a patient’s health information to be secured and remain confidential; this right to privacy is covered by a number of guidelines that call for HIPAA enforcement.
Interactive Audio-Visual Technology (IAVT) such as Skype for Business has grown in usage in healthcare in recent years. This new category, deemed Telehealth, has quickly become a viable option to in-person office visits for many population sets. This virtual exchange creates data containing electronic patient health information or E-PHI. For anyone engaging in Telehealth, the major issue at hand is whether you can you use an IAVT such as Skype for Business and remain HIPAA compliant?
While Telehealth is great for its convenience, allowing for long distance communicating, and Skype for Business is especially useful because of its familiarity and accessibility—anyone in the world can be conferenced in—the electronic exchange of patient information poses many challenges. Therefore, prior to using Skype for Business for Telehealth, any entity directly involved in handling private patient information, such as a healthcare provider or even indirectly involved, like a business associate such as a software company that handles the provider’s data, would be best served to take the necessary steps toward HIPAA compliance. Any breach in this privacy can result in legal action and steps have to be taken to inform the subject whose privacy has been violated, as well as report the breach to a long list of federal, state and local authorities, sometimes including the media.
Having a Compliance Solution in place allows parties to set rules, using Ethical Wall, that prevent video, voice, screens, chat or IM from being shared with outside parties. Another feature of a comprehensive Compliance Solution allows for the inclusion of a “chaperone”—perhaps the compliance officer—that must approve all video exchanges with outside parties and will decide in real time when and with whom it is appropriate to share. The Compliance Solution can ensure third parties have limited or no access to the Telehealth session, but can also make sure that recorded sessions of E-PHI are stored securely.
If you have questions about your Telehealth conferences and whether they are properly handled with regard to HIPAA compliance, or for more information on the protective features of Ethical Wall, visit http://www.isi-info.com/solutions/voice-and-video-recording/regulatory-compliance/ethical-wall.