It may be very tempting as a therapist to simply connect with a client for a video-teleconference utilizing a popular social media platform like Skype, Facetime or Google Hangouts. But if you do so, you are risking HIPAA compliance. Yes, these platforms provide high quality audio/video and chat capabilities free of charge, but these platforms were created to be general purpose communication tools and were not built specifically for secure use by healthcare providers.
When utilizing video-teleconferencing with clients, the technology provider is being given access to electronic protected health information (e-PHI) which falls under the HIPAA security rule, and thus must be safeguarded. To insure HIPAA compliance, you must enter into a Business Associates Agreement (BAA) with any technology provider that has access to any e-PHI. This BAA is your protection that the technology provider has incorporated the HIPAA required safeguards, and if a breach occurs the liability burden for the provider should be mitigated. In addition to simply signing a BAA, technology providers transmitting e-PHI must also incorporate certain safeguards such as access controls, auditing controls, and breach reporting to truly deliver a HIPAA compliant solution. So, although the social media platforms may seem like an easy, cheap way to connect, ask yourself if it is truly worth the risk. The answer should be no, especially when you can just as easily utilize the Virtual Thearpy Connect practice solution that is powered by VTConnect, a HIPAA compliant telehealth solution built from the ground up specifically for healthcare providers.
For more information on the HIPAA security rule – visit https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/
– Jennifer Arute Jones, MBA