Online video conferencing is proving to be a valuable tool for small and midsize offices, including those in the healthcare industry. When integrated with other communication platforms like email, telephony, and instant messaging, online video conferencing brings a competitive advantage to your business by reducing travel time and associated costs, increasing employee attendance, and improving the organizational structure of meetings. But there are some important considerations to make when using video conferencing for your business needs — namely, HIPAA standards. Here’s what you need to know about HIPAA compliance for some of the best video conferencing solutions.
What Is HIPAA and How Does It Apply to Your Organization?
HIPAA (Health Insurance Portability and Accountability Act) was passed by Congress in 1996. Since that time, healthcare organizations have been working to put the measures and contracts in place to protect the information and data their organization processes on a daily basis. This pertains to all forms of medical information, including written, electronic, and even verbal discussion of healthcare or medical data.
What some small and midsize businesses may not know is that, as an employer, if you pay for any healthcare plans for your employees, you're bound to the rules of HIPAA. These privacy rules cover:
- Information in employee health records, including physicals, workers' compensation claims, or records related to workplace injury.
- Any information collected for employee wellness programs or flex spending accounts.
For healthcare organizations, it’s important to evaluate new technologies to be certain they are HIPAA compliant before the implementation phase. Virtual doctor’s visits, online patient discussions, and doctor-to-doctor video consultations could potentially expose healthcare information if organizations do not opt for secure, compliant conferencing solutions.
Are Video Conferencing Solutions HIPAA Compliant?
As mentioned above, communication and video conferencing platforms such as Zoom and Microsoft Teams are convenient and effective ways to communicate, especially for staff who travel often or work remotely. But can they be used to share electronic protected health information (ePHI)?
There are three HIPAA guidelines that relate to video conferencing communication: encryption, business associate agreement (BAA), and monitoring for breaches.
- Encryption. Encryption keeps your data protected and ensures that if a hacker is able to gain access to your system, the data will be indecipherable unless they have the encryption key.
- Business associate agreement (BAA). As defined by HIPAA, a business associate is any company that helps you run your practice or has access to protected health information, such as your billing company, answering service, or other related vendors. HIPAA laws require these associates to sign a BAA contract, stating that they will keep all of your health information protected.
- Monitoring for breaches. Under HIPAA, you are responsible for identifying and protecting your systems against any reasonably anticipated threats to security. Therefore, it’s important you have system security measures in place to protect your communications.
How Do Microsoft Teams and Zoom Stack Up to These Three HIPAA Guidelines?
Microsoft Teams. This communications platform makes connecting easy with HD video that members can access from any device. Video conferencing is a helpful tool for team meetings and collaboration that would be best conducted face-to-face in real time but cannot take place with team members in the same physical space. These meetings also provide the option of recording, so they can be accessed later on. But is Microsoft Teams HIPAA compliant?
The good news is that Microsoft assures advanced protection and compliance, per its Tier-D compliance category, which includes access controls, single sign-on, two-factor authentication, and audit logs. There's only one caveat: in order to confirm full HIPAA compliance, you must enter into a business associate agreement (BAA) with Microsoft, which functions as a legally binding contract for HIPAA compliance. The agreement is available online at https://www.microsoft.com/en-us/trustcenter/compliance/hipaa
Zoom Video Conferencing. This popular video conferencing tool makes communication and collaboration easy by hosting and recording virtual meetings or conferences from any location or device. Much like Microsoft Teams, Zoom checks all the technical boxes for HIPAA compliance, with end-to-end AES 256-bit encryption and access controls. Zoom is HIPAA compliant for use in healthcare organizations or businesses that use electronic protected health information, but again, only after the organization has obtained a BAA from Zoom, which confirms their responsibilities concerning security and privacy under HIPAA. More information about Zoom's BAA may be obtained here.
Now that you are armed with a few of the best video conferencing solutions for your office, let us know if you would like additional help with implementation and integration. Here at CoreTech, our expert team will integrate and streamline your communication tools for a seamless and secure experience every time. We’re here to help you choose vendors that take the security of your data as seriously as you do. Contact us today!