Is Skype HIPAA Compliant?

We live in an era of technology and how. We are so dependent on technology that it becomes almost implausible that we live without being invaded by it. Every aspect of the day-to-day work we do relies on technology.  Be it buying something online or ordering food, our personal details and information goes online and becomes a prey to infiltration. In the modern times, even doctors and medical health experts connect with their patients through technology or through the medium of an app to be precise.

Skype for Business1

Apps come handy when you have to connect with your patients easily. A face-to-face interaction never goes wrong and can easily help you analyze certain things about your patient. What is to be considered here is an important question about the privacy of the patients!The physicians use certain apps that are of course handy but they were not designed to be completely compliant with the privacy rules. Just like Skype is very useful when it come to the interaction between the doctor and the patient but are a potential threat to the personal information shared on it.

Skype for Business

Ian Morris reports in Forbes “According to figures from 2013, Skype is now used by 300 million people worldwide.” These high user numbers mean Skype is a valuable, high profile target for information thieves. So here is you need to know if Skype is HIPAA compliant. Technically Skype is not HIPAA compliant but Skype for Business is. The Information that is transferred as a part of the health information should be subject to the privacy rules. This further mandates that Skype should obtain the Business Associate agreement from Microsoft before the transmission of any information or ePHI.

HIPAA guidelines maintain that any software or app that transmits customers’ protected personal health information needs to comply with a 128-bit level of encryption. Although, Skype’s is 256-bit encrypted, it still doesn’t mean that Skype is HIPAA compliant.  Other than that, a secure back up of all messages and audit trails should be maintained for Skype to be HIPAA compliant. Adequate precaution and prevention measures to apply controls and regulate them from ePHI being transmitted outside the organization should be taken and checked upon frequently.


Add a Comment

Your email address will not be published. Required fields are marked *