What is a HIPAA-Compliant Telehealth App?
Providers looking into purchasing a HIPAA-compliant telehealth app are not adrift at sea. A variety of telehealth apps claim to offer HIPAA-compliant telehealth audio, video, or both:
- Skype for Business (Enterprise E3 or E5)
- Microsoft Teams
- Zoom for Healthcare
- G Suite for Enterprise
Before using these apps, providers must enter into a business associate agreement with the app's vendor. If the vendor does not offer a business associate agreement or refuses to enter into one, the app is not HIPAA-compliant.
The app must offer a secure and compliant storage service. End-to-end encryption, robust access and audit controls, automatic log-out systems, multi-factor authentication, and the ability to provide unique user login credentials and passwords to patients and authorized users are critical for Security Rule compliance.
App settings must be properly configured to render the app HIPAA-compliant, and providers are responsible for implementing these settings. To ensure app settings are properly configured, providers may consult their own IT department or a third-party managed IT service (often called an MSP, or managed service provider) that offers technical support to healthcare organizations.