HIPAA Compliant Telemedicine and Telehealth Providers
Notice: During the COVID-19 pandemic, OCR has suspended the HIPAA Compliance rules for telemedicine as long as providers make a “good faith effort” to secure their records and data. Read more about HIPAA Compliance During Coronavirus.
Only private video conferencing companies are currently exempt under the rule suspension. In addition to the Telemedicine and Telehealth Providers listed below, Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, and Skype are solutions that Covered Entities can use without having a Business Associate Agreement in place.
Video services like Facebook Live, Twitch, or TikTok should not be used for any Telehealth services because they are public-facing. OCR advises that you should inform patients if you are currently using a solution without HIPAA Compliance in place.
When evaluating HIPAA Compliant Telemedicine and Telehealth Providers, the highest priority is to find a provider who offers HIPAA Compliant solutions. Telehealth is a great option for almost any practice including psychologists, psychiatrists, counselors, primary care doctors and other medical providers. Some providers even allow you to integrate medical devices.
For example, because Apple will not sign Business Associate Agreements (BAAs), FaceTime is not HIPAA Compliant and should not be used to communicate with or counsel patients when any PHI (Patient Health Information) is involved. Technically and security-wise, Apple meets most of the requirements, but without the BAA you could be exposing your organization to significant fines.
It's important to understand that if you are interested in using an application like Skype to conduct video or audio sessions, you must have a Business Associate Agreement with Microsoft directly in place. This is part of the requirements of HIPAA. It is possible to do this, but there are many providers who are already HIPAA Compliant that can provide the necessary data security and compliance as an all-in-one solution including the BAA.
Jacco Blankenspoor
Managing Editor HIPAA HQ
Using a managed service provider or dedicated solution is a fast and easy way to get your practice or healthcare organization online and ready to use Telemedicine and Telehealth while making sure your data is HIPAA Compliant.
The Full List of HIPAA Compliant Telemedicine and Telehealth Providers
Recommended Provider: GoToMeeting
Part of the GoTo family of products, GoToMeeting offers HIPAA Compliant video conferencing with 24/7 phone and chat support. The Professional plan offers unlimited meetings with HIPAA Compliant protections like end-to-end encryption, SOC2 data centers, and a signed Business Associate Agreement (BAA). The Business plan adds good value by including features like unlimited video recording, transcription, meeting lockouts, and more.
For all plans, GoToMeeting includes an active Risk Based Assessment that determines whether the behavior of your account, like logging in from unusual places, could be a security vulnerability. This is similar to most HIPAA Compliant services, but could be useful for Covered Entities.
Along with mobile apps, GoToMeeting also integrates with services like Office365, Google Calendar, Slack, and Salesforce.
Zoom for Healthcare
Zoom for Healthcare provides HIPAA compliant video conferencing, screen sharing, and audio services for Covered Entities (CEs) who need telehealth services. Zoom protects and encrypts all video, data, and audio for healthcare organizations and medical practices who have signed a Business Associate Agreement (BAA).
Zoom gives you the option to record sessions and store them securely. You can collaborate with others, add notations, and share screens without Zoom for Healthcare storing the PHI (patient health information) data that is being shown. Meetings that you set up with Zoom are not publicly listed and only people who are invited can join. You also have the option of integrating with medical devices for more advanced care. Zoom for Healthcare also works with Epic.
Besides HIPAA/PIPEDA Compliance, Zoom for Healthcare is also SOC2 compliant, TRUSTe verified, and participates in the EU-US Privacy Shield program.
Doxy.me
Doxy.me makes Telemedicine easy to use for providers and patients alike while providing a secure, HIPAA Compliant service. They offer a full suite of services including video conferencing, secure chat, patient billing, and even waiting rooms for patients. Doxy.me offers three levels of service with unlimited sessions and minutes: free, professional, and clinic. All accounts include a Business Associate Agreement (BAA) and access to iOS and Android mobile apps. Only a browser is required to use Doxy.me. All plans are HIPAA, HITECH, PIPEDA, and PHIPA compliant with end-to-end encryption.
If you are interested in more features, the professional plan ($35/month) gives you some nice upgrades like HD Video, room passcodes, and a waiting room with a patient queue that lets you view patients who are waiting and send them messages. One of the most important features at the professional or clinic level is the ability to bill patients directly as long as you have a Stripe account. Custom branding is available for an extra $300 and takes about 24 hours to go live after they receive your material.
Clinics ($50/month/provider) get a white glove setup with more admin features, a custom BAA and a custom security view. The Clinic plan comes with a dedicated rep and many more access control features for larger organizations who need the ability to customize security, work with colleagues, and view advanced analytics.