Skype was one of the first platforms that allowed businesses to conduct meetings virtually; as such, it is a popular tool for many businesses. Recently, many health practices have turned to telehealth and telemedicine to treat patients. However, before it is permitted to utilize teleconferencing tools, HIPAA covered entities and business associates must ensure that the tool is HIPAA compliant. That begs the question: Is Skype HIPAA compliant?
Is Skype HIPAA Compliant: Safeguards
The free version of Skype does not have the required safeguards to be HIPAA compliant. Skype for Business does, however, only if the Enterprise E3 or E5 package is purchased.
The following are Skype HIPAA compliance safeguards available for Skype for Business Enterprise E3 and E5 packages:
- Access controls. Must be activated on all devices, preventing unauthorized access to protected health information (PHI). Access controls ensure that only members within the organization have access to PHI.
- Audit controls. Enabling backup, ensures that Skype messages are securely saved. This in turn allows an audit trail to be maintained. Audit logs are required by HIPAA, ensuring that PHI access is not accessed excessively, in accordance with the minimum necessary standard.
- Automatic log-off. Must be turned on. Automatic log-off prevents unauthorized access to PHI, as it logs off users that have been idle after a predetermined amount of time.
- Encryption. Skype utilizes AES 256-bit encryption, which is an advanced encryption method. Encryption masks sensitive data, PHI, making it unreadable to unauthorized individuals.
Is Skype HIPAA Compliant: Business Associate Agreement
Skype, as a Microsoft product, is covered under their business associate agreement (BAA). However, Microsoft has several BAAs, and not all of them cover Skype. Additionally, even with a signed BAA, it is up to the end user to ensure that Skype is configured properly for HIPAA compliant use.
Is Skype HIPAA Compliant?
Yes, but ONLY Skype for Business Enterprise E3 and E5 packages. Utilizing any other version of Skype is NOT HIPAA compliant.
For more information on HIPAA compliant teleconferencing tools please click here.