Skype for Business HIPAA Compliance

Skype for Business

Apparently, Skype may seem like an ultimate telemedicine platform or a method for healthcare employees and billing staff to electronically process the data internally. However, we would not recommend any of our customers use Skype software to share PHI (Protected Health Information). The basic version of Skype is certainly not HIPAA compliant; it does not consist of technical security protection that assures a number of guidelines specified by the Department of Health and Human Services. 

Skype for Business

HIPAA Compliant Telemedicine

When it comes to choosing a HIPAA compliant telemedicine platform, we always recommend sticking with a service built particularly for telemedicine and comply with HIPAA compliance regulations. The HIPAA guidelines on telemedicine are contained within the HIPAA Security Rule and specify only official users should have access to ePHI; implement secure communication to defend the integrity of ePHI and to prevent unintentional or malicious breaches. HIPAA requires that providers obtain a signed informed consent from the patient in order to progress with the telemedicine visit. 

Skype for Business1

HIPAA Compliant Instant Messaging

For HIPAA compliant instant messaging services, choose cooperation software personalized for the healthcare industry. These software vendors specialize in HIPAA obedience, constructed to support for organizational and technical controls into their software, and are ready to sign Cover Entities and Business Associate Agreements (BAA). The Business Associate’s Agreement (BAA) is necessary because it shows that entities obey with HIPAA equally, but it also provides remedies should the telemedicine solution you partner with have a breach or other HIPAA disobedience.

What about Skype for Business?

Skype comes in number of free and paid versions, but the basic, customer oriented one is not HIPAA compliant. It is true that Skype for Business provide more protection features than a basic Skype plan, but it is not intended for HIPAA compliance. Skype for Business is not integrated services enclosed in their business associate agreement, and is lost key features such as inclusive user activity observation, data threat notifications and the facility to manage encryption keys. Skype for Business is not applicable to covered entities and their business associates. It does not contain protection data privacy in that all audio/video communication that is securely encrypted.


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *