COVID-19 brought in an era of telehealth, but not all platforms are created equally. As everyone has rushed to implement telehealth in their practice, the process has brought up a lot of questions. FaceTime is easy to use since it is integrated into your iPhone or iPad if you use these devices and has been widely used before the times of COVID-19. While FaceTime may seem like an easy solution to implement quickly, is it the safest solution?
As all healthcare professionals know, HIPAA is a huge deal that influences almost every aspect of what they do and how they do it. When it comes to picking out a telehealth platform, there is a part of HIPAA that is particularly important. First, we must discuss the Business Associate Agreement (BAA). Any company that makes a health tool or software that is involved in sharing, transmitting, storing, or maintaining protected health information (PHI) is mandated to sign a BAA with the healthcare professional using the said tool. Basically, the BAA is a contract where both parties agree to comply with HIPAA standards and take on that responsibility. The BAA also ensures that the company providing the tool does not use or share the PHI in any way other than what is clearly documented in the BAA.
Apple has made it clear that they will not sign a BAA when it comes to FaceTime. So, this means that they aren’t HIPAA compliant, right?
This can get somewhat complicated because there is also what is called the Conduit Exception Rule. This rule states that if the organization only acts as a conduit (as in, only transmits it but does not store it or have access to it) then it does not need a BAA. Some have argued that FaceTime is only a conduit and therefore, is exempt from needing a BAA. However, this isn’t exactly true. Apple is actually considered a cloud service provider (CSP) and CSPs are not considered conduits. Examples of conduits include service providers such as the US Postal service or your internet provider, not CSPs. Thus, Apple isn’t actually a conduit and isn’t exempt from signing a BAA. So, if you truly want to make sure that you are practicing telehealth in HIPAA compliant way, FaceTime isn’t the way to go.
Don’t fret though, VidHealth is HIPAA compliant and you can make an account for free! We also provide a BAA free of charge. We pride ourselves in being a privacy-centric company that puts patients’ privacy above anything. That being said, we also want to remind you that while we are completely HIPAA compliant, HIPAA compliance is actually more up to the user than the technology. The provider’s behavior is crucial to maintaining patient privacy. For example, the provider should not meet with a patient while in public or while others are in the room. Even if the patient can’t see these people, the people in the room will be able to overhear at the very least the provider’s side of the conversation if not the whole conversation.While it is important to do your due diligence about your telehealth platform, remember that you are responsible for maintaining privacy as well.