A hot topic! Here at CloudVisit, we cringe at medical professionals mentioning that they sometimes use Skype for patient consultations.
First, let’s go over the basics of HIPAA requirements for telemedicine services. HIPAA requires telemedicine providers to protect patient rights by securely storing and transferring private patient medical records. To keep patient records confidential, the telemedicine system must properly encrypt all information, both in transmission and at rest – per HIPAA standards. A business associate agreement (BAA) must be signed between the telemedicine provider and the medical practice to ensure proper encryption.
What’s wrong with Skype?
In short: Skype is not HIPAA-complaint.
Skype’s slogan is “Free calls to friends and family.” The company is fantastic at what it does – as a social platform – but, it cannot be expected to follow all healthcare requirements for the simple reason that healthcare isn’t what Skype was built for.
Skype only encrypts its in-transition video. Any information saved in the Skype cloud does not claim to be encrypted. This is the first breach of HIPAA.
Microsoft (which owns Skype) does not sign BAAs for the platform. The second HIPAA breach.
Doctors have been penalized for using Skype for patient communication. While telemedicine software isn’t free, it can be very affordable – such as with CloudVisit. In our eyes, the guaranteed security and legality certainly justifies the feasible price.