BlueJeans is a cloud-based telecommunications platform that was created in 2009 by Verizon. With the uptick in the use of video conferencing for telehealth, it is important to consider whether or not certain tools are HIPAA compliant. The question of – is BlueJeans HIPAA compliant – is discussed below.
Is BlueJeans HIPAA Compliant: Business Associate
Under HIPAA, business associates are any entity that creates, receives, transmits, maintains, or stores protected health information (PHI) on behalf of their covered entity clients. As such, platforms that are used to provide telehealth services are considered business associates. As a HIPAA business associate, telecommunications platforms used for telehealth must be HIPAA compliant. This means that they have to have certain security measures in place to ensure the confidentiality, integrity, and availability of PHI. They also must be willing to sign a business associate agreement.
Is BlueJeans HIPAA Compliant?
The information on BlueJean’s website about HIPAA compliance is contradictory. In their Anywhere Telehealth Care in the Cloud PDF document, they state that BlueJeans can be used for telehealth. BlueJeans does have all of the required security features to be HIPAA compliant. They utilize encryption making PHI readable to only authorized individuals, “Blue Jeans Network does not store any video conference content, in any format. This security infrastructure means Blue Jeans has no control over the content you share via video conference. It is the responsibility of HIPAA covered entity to comply with HIPAA regulations, and our secure infrastructure can be part of your compliance solution.”
Although they say that their platform can be used in a HIPAA compliant manner, in a separate document, they state that BlueJeans cannot be used in conjunction with PHI. BlueJeans states in their Terms and Conditions that, “Customer agrees not to cause, or otherwise request that BlueJeans create, receive, maintain or transmit protected health information (as defined at 45 C.F.R. § 160.103) for or on behalf of Customer in connection with the Service or in any manner that would make BlueJeans a business associate (as defined at 45 C.F.R. § 160.103) to Customer.”
Since BlueJeans doesn’t consider themselves to be a business associate, they are unwilling to sign a business associate agreement (BAA). So the answer to – is BlueJeans HIPAA compliant – is no. Until BlueJeans is willing to accept the fact that they are a business associate, if they want healthcare clients to use their service for telehealth purposes, BlueJeans telehealth service cannot be used in conjunction with PHI. Although they have all of the required security measures in place, their unwillingness to sign a BAA makes their service noncompliant.
Do You Need Help Finding a HIPAA Compliant Tool?
Compliancy Group can help! Our team of expert Compliance Coaches can help you choose the right HIPAA compliant telehealth tool for your practice. For more information on how Compliancy Group can assist you, please click here.
Need Help with HIPAA?
Let our complete HIPAA solution handle it.