How to be HIPAA compliant with video conferencing
What you need to know to be HIPAA compliant with your dental video conferencing
You’ve probably heard about this. As a dentist, you may already be using video conferencing in your practice. Either way, you need to make sure you are HIPAA compliant.
What is HIPAA compliant video conferencing for dentists? What does it mean, in simple terms?
As a healthcare provider, you are most likely very familiar with HIPAA and its strict compliance requirements. Hopefully, you have done all the necessary work to adhere to its protocols for your work spaces, operatories, work stations, and consultation rooms.
But what about your electronic means of communicating with your patients? Are you compliant when electronically giving and receiving sensitive patient information when you video conference with them? Video conferencing for dentists is fairly new, but more and more dentists are using it.
Video conferencing does involve the electronic exchange of a patient’s sensitive health data, so it falls under the strict regulations laid out by HIPAA.
What are the security requirements for video conferencing with a patient?
- End-to-end encryption, meaning calls go directly from one person to the other without any intervention from a third party.
- Unique user identification features – each person using the system can be verified and authenticated.
- Automatic log-off – the call shuts off after a predetermined amount of non-activity.
- Audit controls – mechanisms in place that monitor who is accessing the information.
- Person/identity authentication – this ensures that the information being shared can be traced back to an individual user.
- Breach notification – users are alerted if there is unauthorized access to the private information.
Isn’t using encryption enough?
In a word, no.
Skype is not compliant even though the information can be encrypted. Encryption means that the information is converted into a code to conceal the data and to prevent unauthorized access. HIPAA requires not only that it be encrypted while it is being transferred, but also while it is “at rest,” meaning when it is stored on servers.
Desktops, laptops, and any and all portable devices must use disk encryption. https://github.com/truevault/hipaa-compliance-developers-guide/blob/master/04%20HIPAA%20Security%20Rule.md
Skype, Google Hangouts, (and many other video programs) may use encryption, but they are not HIPAA compliant.
What disqualifies a software program from being compliant?
- Does not have audit controls.
- Data is stored on their servers and their access is not protected.
- Does not have breach control.
- Does not have a “Business Associate Agreement” with HIPAA. This is an agreement the provider has with HIPAA which allows you to trust them with sensitive patient data.
- Not able to authenticate the person/entity involved in the transmitting of information.
- No automatic log-off function.
Denteractive video conferencing software meets all of the requirements of HIPAA.
Being able to video conference with your patient is a wonderful and effective tool for both of you. Besides creating a better relationship, it’s something that many patients need and want. Providing the service is a great idea, but it is essential that you know and understand what must be the foundation for providing and using this service and being in compliance with HIPAA.
- Access control.
- Transmission security.
- A “Business Associate Agreement.”
- Device and media controls.
- Security management procedures.
- Breach notifications.
- Person-to-person or person-to-entity authentication.
- Audit controls.
- Workstation security.
- Risk Analysis.
You can rest easy and have peace of mind knowing that we meet all the requirements of HIPAA when you use our product. We respect and hold in high regard your profession and the security of your patients at all times.
So the next time you wonder “Am I in compliance with HIPAA?” know that we have you covered and you don’t have to worry.