The global pandemic forced most companies and health establishments to go remote and continue telehealth operations from home.
Business owners, health workers and employees are trying to adapt to the new pattern of working from home: showing up to executive meetings, attending to patients, having budget conversations, and attending to customers while maintaining their return on investment.
The main challenge is always finding the right, HIPAA-secure video conferencing setup that helps health workers stay on top of their game at the end of the day.
Even now, most people work from home, treat patients via video calls, and build an online community where they teach their listeners and audience through video conferencing.
The challenge of the hour is usually about logistics, such as setting up the video conferencing for the meetings, finding the right platform that gives them every feature they need for a smooth transition, and making sure that the system requirements are supported on all devices.
Luckily, the basic system guidelines for HIPAA video conferencing are easy to follow for a high-quality video and audio result. We’ve put together a simple guide and complete checklist that will guide you to set up and run your HIPAA video conferencing without any hitch. Ready? Let’s get to it.
How Does HIPAA Involve Video Conferencing?
HIPAA, short for the Health Insurance Portability and Accountability Act, guarantees the protection of all data and sensitive information collected on patients during telehealth services.
This data and information is classified as Protected Health Information (PHI), and as electronic protected health information (ePHI) if it is collected in electronic form. It includes the patient’s name, residence address, medical history, place of birth, social security number, and even photos.
HIPAA also protects data such as videos of patients or recorded online meetings on any HIPAA video conference platform such as Zoom, which count as ePHI.
In most cases, the collected videos contain a lot of personal information about the patient like their names, medical history, faces, and the rest. If the collected information doesn’t show any identifiable feature or information that will likely implicate the patient or make them uncomfortable, the data is not considered ePHI.
When a video platform is said to be HIPAA compliant, it means that the platform intentionally covers the first of three basic safeguards, the technical safeguard; the other two are physical and administrative safeguards.
Any video platform is considered an IT system; this includes YouTube, Vimeo, and the rest. Each of these platforms must be carefully evaluated and analyzed to ensure that it covers the necessary security protection and compliance for the sake of the patient.
Even if the platform has a physical and administrative safeguard in place, a weak IT system leaves everything potentially vulnerable to cyberattacks and malware.
The HIPAA rule insists that IT systems for every video conferencing must have security features that comply with NIST standards.
What this means is that data on the platform must be encrypted at rest and in transit, at both ends. This end-to-end encryption defeats every potential attack and intercepting attacker by converting the data into ciphertext. All encryption on video data must also comply with FIPS 140-2 encryption standards.
Choosing a HIPAA Video Conferencing Video Requirement
Before you choose any video platform, you need to ensure that the platform provides a sufficient response to the following questions:
- Do they have and sign a business associate agreement?
- Does the platform have HIPAA-compliant safeguards in place?
- Do they offer end-to-end encryption (E2EE) for free and paid accounts?
- Does the platform route calls through a protected server or do they have peer-to-peer video connections for the users?
- Is there a means for user authentication and audit logs?
- Do other healthcare establishments use the platform, and have they left positive reviews about it?
HIPAA Video Conferencing Setup Requirements: Your Complete Checklist
In today’s video conferencing world, you’ll find a variety of central cloud-hosted systems that are designed for routing calls between personal devices and meeting room device clients.
We’ll touch on a complete checklist of what your HIPAA video conferencing setup ought to look like, the features to expect, and what you can get from the right setup. This includes computing, network, and webcam necessities.
However, without an appropriate and sufficient network, the video conferencing gadget may not perform and yield the desired result.
The HIPAA Journal Compliance List contains more details and a checklist that you may like to check out including the analysis provided by the HIPAA Security Rule, an arm of the U.S. Department of Health and Human Services.
SSO and IAM Integration
Identity Access Manager (IAM) and Single Sign-On (SSO) integration are highly important to consider when setting up a HIPAA video conferencing platform. One central detail to look out for is the unique password and username that are generated for every user of the platform. Thus, the platform must be able to integrate with the health establishment’s SSO and work together with it without difficulties.
Permissions and Access Control
Permission and access control ensures that only authorized individuals and users are granted access to the content and data on the video conferencing platform. Even doctors shouldn’t have access to the data of patients who are not their own. This involves protecting the rights and confidentiality of the patient in question. Also, there must be restricted use after access and defined permissions. Per clause 164.312(a)(1), even the sharing and downloading of the patient’s data shouldn’t be encouraged.
In keeping with clause 164.312(c)(2), one must be able to verify whether an uploaded video file is the marked one and whether there are alterations to the data. There ought to be mechanisms in place to hash the file and ensure that unauthorized parties do not make any changes to it.
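One way to implement the integrity check described above, as an added example that is not from the original article or any platform's code: a keyed HMAC-SHA-256 tag is recorded at upload and recomputed later, so someone who can alter the file cannot also forge a matching tag without the key. The file name, key handling and sample bytes are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large recordings never sit fully in memory


def compute_tag(path, key):
    """Return the HMAC-SHA-256 tag (hex) of the file at `path`."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            mac.update(chunk)
    return mac.hexdigest()


def verify_file(path, key, recorded_tag):
    """True only if the file still matches the tag recorded at upload."""
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(compute_tag(path, key), recorded_tag)


def demo():
    """Constructed sample: 'upload' a file, verify it, alter one byte, verify again."""
    key = os.urandom(32)  # assumption: a real deployment keeps this key in a KMS/HSM
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "visit-recording.bin")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed sample video bytes " * 1000)
        recorded_tag = compute_tag(path, key)  # stored with the upload record
        intact = verify_file(path, key, recorded_tag)
        with open(path, "r+b") as fh:  # simulate an unauthorized edit
            fh.seek(100)
            fh.write(b"X")
        altered = verify_file(path, key, recorded_tag)
    return intact, altered


if __name__ == "__main__":
    print(demo())  # (True, False)
```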
FIPS Compliant End-to-end Encryption
The Federal Information Processing Standards (FIPS) are an encryption-compliance technique and standard set by the National Institute of Standards and Technology (NIST) for adoption on all video platforms. This ensures that all videos are encrypted and can only be decrypted by the video player at the same end, from upload through storage to the use of video files.
Another checklist is to ensure that the video conference platform can provide a comprehensive list of the possible actions one can access and perform on the platform. It should also contain the kind of content that can be accessible, and how and where to access them.
There must be a chronological record of the actions performed in the past on particular files: the users, the viewers who viewed them, when they did so, and the specific actions from their end.
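The audit trail described above, as an added example that is not from the original article or any platform's code: each event records the user, action, file and time, and also the hash of the previous entry, so a later edit to the record is detectable. The hash chaining goes beyond what the article asks for; user names, file names and timestamps are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def _digest(entry):
    # Hash a canonical JSON form so the same fields always give the same digest
    body = {k: entry[k] for k in ("ts", "user", "action", "file", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append(log, ts, user, action, file_id):
    """Append one event; each entry commits to the hash of the one before it."""
    entry = {"ts": ts, "user": user, "action": action, "file": file_id,
             "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = _digest(entry)
    log.append(entry)


def history(log, file_id):
    """Who touched this file, what they did and when, oldest first."""
    return [(e["ts"], e["user"], e["action"]) for e in log if e["file"] == file_id]


def first_bad_entry(log):
    """Index of the first entry whose hash or link to its predecessor fails, else None."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != _digest(e):
            return i
        prev = e["hash"]
    return None


def sample_log():
    """Constructed events; user and file names are hypothetical."""
    log = []
    append(log, "2024-03-01T09:00:00Z", "dr.lee", "upload", "visit-0042.mp4")
    append(log, "2024-03-01T09:05:10Z", "nurse.kim", "view", "visit-0042.mp4")
    append(log, "2024-03-01T09:07:45Z", "dr.lee", "view", "visit-0077.mp4")
    append(log, "2024-03-01T10:15:30Z", "dr.lee", "download", "visit-0042.mp4")
    return log


if __name__ == "__main__":
    log = sample_log()
    print(history(log, "visit-0042.mp4"))
    log[1]["user"] = "someone.else"  # simulate a rewritten entry
    print(first_bad_entry(log))
```

Removing entries from the end of the log is not caught by the chain alone; the latest hash has to be stored somewhere the log writer cannot modify.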
Custom Login Timeout
The system should automatically log out an inactive user after a certain period, which could be custom set by the admin. The time should usually be very narrow; about 15 to 30 seconds.
Other requirements for basic video conferencing setup include the following:
One of the crucial qualities to expect from a video conferencing setup is the resolution of the webcam. This is important because it captures details such as gestures, facial features, and identification of the participants.
This depends on the user’s computer. If the computer doesn’t have a fast processor, it’ll also affect the video and audio quality of the meeting.
A good computer should have at least a quad-core processor and 2 GB of RAM.
Video conferencing system
If you want to get the best quality call experience during a video conference, you need to ensure that the conference equipment is built to give a splendid experience during a virtual meeting. This includes the cloud-based room and wireless screen share for all the meeting participants to share and interact with each other.
Video display screen
One factor in choosing the video display screen size is the number of people on the video conference. If the number is small, a small display screen will suffice, whereas a 4K television is the perfect choice for a larger number of people.
A specific feature most participants always look out for is the audio quality of the video setup. Good audio quality ensures that nobody strains their ears to hear a patient or receive feedback from the doctor. Conference phones have noise and echo cancellation and automatic noise reduction features, which in turn give the participants a crystal-clear audio experience. Some ultra meeting rooms for larger meetings usually use an extended mic for their meetings.
Video conferencing software
Google Hangouts is a typical example of video conference software that is not HIPAA recommended for video conferences. Privacy and confidentiality must be placed on the priority list when choosing video conference platforms.
Examples of HIPAA video conference platforms include Zoom for Healthcare, VSee, GoToMeeting, and Simple Practice Telehealth. It’s also necessary to read their terms and conditions to ensure that they are indeed HIPAA compliant before exposing the client to their use.