Is Skype video conferencing HIPAA compliant?
I was talking to a Doctor and friend of mine today and a question came up
about teleconferencing, and meeting compliance while doing so.
To start answering this question let it be known that HIPAA doesn’t certify software as being HIPAA compliant or not.
Secondly on 6.10.11 – Skype representatives contacted a company named Breakthrough and stated “Skype is merely a conduit for transporting information” (Click here to read the entire message written)
Now let’s look at Skype itself…
According to them, assuming they’re telling the truth:
Skype uses the AES (Advanced Encryption Standard), also known as Rijndael, which is used by the US Government to protect sensitive information, and Skype uses the maximum 256-bit encryption. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates
So from a techie point of view, they are indeed “HIPAA compliant.”
Skype is basically a tool to transport video images from one location to the next.
They do not store video or audio on their servers, so therefor you could have a video conference without violating HIPAA rules.
HOWEVER, if you chat on Skype about patients it’s a whole different story because those conversations would be consider Personal Health Information and because the chats ARE stored on their servers, that would be a HIPAA violation.
Skype is compliant but are you?
But once again, secure technology is only as good as the people using it.
If you aren’t using secure passwords, don’t have a firewall in place, don’t log off of your computer/Skype when you are done, then you’re still violating HIPAA regulations.
In order to be HIPAA compliant while using Skype it’s more about keeping the environment
around you and the program secure rather than the actual program that you are using.
If you’re looking for more information visit this awesome blog post I found:
Is Skype HIPAA Compliant II
Leave a comment and share your thoughts on Skype and HIPAA Compliance!
About Edson Monteiro.
Edson is a compliance & security specialist, as the President of Sentinel Digital Systems and author of Tech-Source blog, he helps small businesses meet guidelines and saving them big bucks on penalties