Is Facetime Hippa Compliant – Before We Get Into The Topic, let’s Learn Some Basic Of This Topic
FaceTime HIPAA compliant
Due to the coronavirus pandemic, 91% of healthcare professionals will be offering telehealth services by 2020. FaceTime, a video chat program from Apple, is essential for working with people in digital settings. FaceTime is similar to Skype and Google Hangouts. It allows you to make one-on-one video chats with newer iPhones, iPads, and iPod touchscreen devices, as well as Mac laptops and desktops. Before you use FaceTime for personal communication, make sure to ask: Is Apple Facetime HIPAA compliant?
It is, however.
FaceTime or any other instrument must be HIPAA-compliant before it can discuss, transmit, store, or maintain protected health information (PHI).
A BAA, in other words, is a contract that involves the company partner (in this case, Apple) and the health care supplier like the practice that uses FaceTime to access telehealth functions. Each party must agree to take specific duties when handling PHI. HIPAA stipulates that the BAA must ensure that the business associate will not use or disclose protected health information except as permitted or required by law.
This is not a significant difference in Apple’s event as the tech giant doesn’t appear to be looking to enter into a BAA agreement with health care companies. Apple claims that the iCloud info storage service is not HIPAA compliant, and should not be used by healthcare organizations.
Apple won’t signal a BAA for FaceTime. This means that FaceTime isn’t HIPAA compliant support. It isn’t that simple. For HIPAA’s goal, entities that are “business partners” should sign BAAs. Things described as “conduits” can be cheated. If FaceTime is used as a conduit and not a business partner, health care organizations can use FaceTime without a BAA. What is it?
What is the HIPAA Conduit exception Rule?
HIPAA Conduit exception Rule basically states that a company can act as a conduit to PHI. This means it only transfers health information, but not has access to or keeps it. It is exempted from the BAA necessity.
Apple is not a cloud hosting provider (CSP). CSPs are often not considered conduits. Under HHS’s advice on HIPAA and cloud calculating systems, cloud hosting providers that get or store PHI has been, in reality, business partners. Even though the CSP cannot see the encrypted information, this is true.
Apple is considered a business partner when it comes to FaceTime PHI and is not covered under the conduit exception principle.
All messages sent through FaceTime use end-to-end encryption. Only authorized users can get an Apple ID account. Apple does not store any information sent through FaceTime, which could indicate that FaceTime is used in a HIPAA-compliant manner. Still, it’s likely to utilize FaceTime in a non-compliant manner. It’s a lot more about the user than the tech.
As stated above, Apple is a business partner and the corporation should sign an agreement before transmitting, storing, or maintaining PHI using Apple services. FaceTime is not HIPAA compliant because Apple won’t signal a BAA. FaceTime is also not covered by the HIPAA Conduit Exception Rule.
However, the coronavirus epidemic has not caused any ordinary conditions. Under the shadow of COVID-19 enforcement of HIPAA rules was relaxed, particularly regarding telemedicine, such as FaceTime. The Office for Civil Rights (OCR), felt it was essential to ease the rules to allow telehealth skills to be used nationally.
Providers are not subject to penalization for using these solutions even if they do not comply with HIPAA. However, they must inform their patients about the possible privacy risks and protect personal data.
This exemption is temporary and you cannot rely on popular customer programs such as FaceTime for a long-term solution. When possible, it is important to make sure that you have HIPAA-compliant video-conferencing applications.
To ensure you comply with HIPAA requirements, make sure your software supplier has signed a BAA. Also, ensure that both you and your patients have access to the applications.