As more and more people turn to digital tools to communicate remotely, whether it’s keeping in touch with their loved ones, managing workflow or communicating with customers, video conferencing is gaining more attention.
Healthcare is certainly not an exception. An increasing number of providers want to hold their consultations online. This requires reliable video conferencing solutions that integrate seamlessly with a wide range of audio and video devices and specialized medical equipment, provide a high level of security and, of course, offer HIPAA compliance.
Video Conferencing During COVID-19
Digital health solutions were already on the rise before the worldwide outbreak of COVID-19, but given the enormous workload on medical staff during the pandemic, the need for solutions that allow providers to continue delivering medical care remotely and at a high level is greater than ever. In this era of digital transformation, the evolution of health care services is inevitable, providing a cornerstone for practices aiming to enhance patient accessibility and care continuity through innovative solutions.
Since the COVID-19 pandemic began, the number of telehealth consumers has increased, from 11 percent of U.S. consumers using telehealth technologies in 2019 to 46 percent of consumers now using telehealth instead of canceled medical visits.
During the pandemic, some video conferencing software developed additional features for telemedicine, and other solutions were created for the healthcare industry only. However, to be used in medical environments, both of these choices should meet HIPAA compliance requirements.
What is HIPAA Compliant Video Conferencing?
In short, HIPAA (Health Insurance Portability and Accountability Act) compliance means meeting strict security and privacy standards for any software used to store or transmit data related to patients’ personal health information. This applies to protected health information (PHI) transmitted via video, audio or text.
These security and privacy rules are important because patient data and medical records are very sensitive, and this information can be used to harm people, for example through identity theft. In parallel, healthcare app development is becoming increasingly vital, offering a comprehensive digital solution that integrates seamlessly with these video conferencing tools to enhance patient care and data management. Thus, these regulations are established to protect remote patient-doctor communication, and ignoring them carries civil and even criminal penalties.
The best practices for HIPAA-compliant video conferencing
End-to-End Encryption (E2EE)
For video conferencing, the key factor is to provide assurance that third parties and intruders cannot access a video call or intercept the media streams.
In E2EE, the data is encrypted on the sender’s system or device, and only the intended recipient can decrypt it. As it travels to its destination, the message cannot be read or tampered with by an internet service provider (ISP), application service provider, hacker or any other entity or service.
Local File Storage
The responsibility for the storage of patient data rests with the practitioner and should never be left to a vendor. Third-party storage of health information is in direct violation of HIPAA standards as it allows for access to data beyond the client/practitioner relationship. Instead, all the data (videos, chat texts, client files, etc.) should be stored locally on the healthcare provider’s side, and therefore not be accessible to the vendor.
While mental health providers follow HIPAA regulations that offer guidance and solutions to potential security issues, patients should also take care and make sure their sensitive information is not accessed through their personal devices.
Here are 15 of the top HIPAA-compliant video conferencing services
TrueConf
TrueConf offers a 4K telemedicine platform that works offline, without an Internet connection, and can be hosted on your hospital’s premises. It delivers a reliable communication experience and protects sensitive health data, integrates with medical equipment, and supports DICOM file and test results sharing, video capturing from various equipment (e.g., endoscopes), patient monitoring and live surgical streaming.
TrueConf can be used on all popular operating systems and browsers, allowing patients and doctors to connect from their own devices. Additionally, it can be embedded into existing apps and solutions, e.g. telehealth apps.
- TrueConf offers a free version for up to 12 participants with no time limits.
- Medical institutions have a 50% discount on TrueConf Server licenses.
- Secure video chats and conferences with a number of collaboration tools
- Self-hosted and works offline.
Doxy.me
Originally created for university research, Doxy.me provides remote medical care via video and audio. As one of the most popular communication solutions, Doxy is a HIPAA-compliant video conferencing tool. The program’s interface is user-friendly: patients don’t need to install anything or log in to connect and communicate with healthcare providers.
Doxy’s waiting room feature includes a patient queue and allows patients to check in virtually, so their provider knows they’re ready for the appointment. Each waiting room is customizable with images, videos, and reading materials for patients. In-app appointment management offers higher levels of flexibility compared to other video conferencing services. Providers can reschedule appointments quickly if a patient is running late.
- Free for limited services, $35 per month for individual professionals, $50 per user for clinics
- Reviewers on Capterra highlighted the solution’s free option and ease of use but mentioned that calls drop if the internet service isn’t strong
- Mobile notifications make it easy for patients to receive messages
Thera-LINK
Like Doxy.me, Thera-LINK is a browser-based video conferencing tool focused on mental and behavioral health providers. The tool is HIPAA and HITECH compliant, and all web traffic, video, database, and file backup within it are encrypted. Couple, family, and group sessions are possible because multiple participants are allowed in a meeting.
Although it does not come with a free plan, Thera-LINK is provided with scheduling features and bandwidth auto-detection to ensure the right video quality is selected automatically without any user input.
- Individual plans: $30 per month (limited to five sessions per month), $45 (unlimited sessions), $65 (unlimited sessions and other security benefits)
- Focused on mental and behavioral health
- Practice management (PM) for individuals and small to medium-sized organizations
TheraNest
TheraNest is a web-based mental health solution used by individual, group, nonprofit, and educational organizations. Providers can use these tools for video conferencing sessions with a maximum of six participants per session. Other features include insurance billing workflows, calendar scheduling and unlimited storage of client information. Telehealth tools allow clients to join sessions via personalized session links without having to enter a password or download software.
- $38 per month (additional $10 for each user to take advantage of HIPAA-compliant video conferencing)
- Unlimited users, storage, and support $38 per month (additional $10 for each user to take advantage of HIPAA-compliant video conferencing)
- Specifically tailored for mental health applications
SimplePractice
SimplePractice Telehealth is a HITRUST and HIPAA-compliant telehealth application that allows providers and patients to connect via secure video communication for virtual consultations.
Its software is well designed, and flows more intuitively than many other products on the market. SimplePractice includes not only basic teleconferencing tools, but also online booking, file sharing and auto-payment for credit card billing. Patients can make their own appointments through an in-app calendar and share information before appointments.
SimplePractice also offers an impressive variety of options for plans & notes – Wiley Planners, pre-built templates for numerous professions, and a tool to create forms from scratch.
- Individual plans: $39 per month for Essential plan, $59 per month for Professional plan (includes several extra features such as HIPAA-compliant messaging)
- Group plans: $59 per month for the first clinician, $39 for each additional clinician
- Includes integrated features such as free appointment reminders (SMS, email, and voice), a mobile app, and e-claim filing
Zoom for healthcare
Zoom is known for its free cloud-based video conferencing capabilities, but it also offers a HIPAA-compliant health care plan. The service offers in-app file sharing, a patient waiting room, mute/unmute audio features, screen sharing and desktop recording, a chat messenger, a whiteboard tool and AES 256 encryption.
Zoom for Healthcare doesn’t offer important services like billing or appointment scheduling features. However, it does offer the ability to integrate with third-party applications through dedicated healthcare software services.
- $200 per month for up to 10 accounts
- Consistent, high-quality video
- Commonly used for webinars
VSee
VSee is a secure telemedicine platform with a variety of HIPAA-compliant solutions. Patients can send status updates such as photos, food diaries and mood charts.
The free plan includes unlimited one-on-one video calls both through the app and browser, unlimited secure messaging, real-time annotation screen sharing and file transfers using end-to-end encryption.
VSee Clinic can also be used to simplify patient care with efficient workflows that free up time for both providers and patients.
- $49 per month for individual users; contact sales for enterprise pricing
- Used by large organizations, such as Shell and NASA
- Optimized for areas of poor internet service so it’s good for clients overseas or in rural areas
GoToMeeting
Although GoToMeeting does not have a specific medical focus for video conferencing, the software is HIPAA compliant. For telemedicine, GoToMeeting offers high-quality video, enhanced audio, encrypted sessions, in-app note taking, screen sharing, appointment blocking, and chat messaging, allowing healthcare providers to communicate securely and efficiently with their patients from anywhere.
While GoToMeeting is sufficient for video conferencing, it lacks patient management tools such as medical device integration, billing or appointment scheduling.
- $12 per month for Professional plan with limited meeting organizers
- For Enterprise plans, contact sales
- Suitable for many different device types
Medici
Medici is a mobile telemedicine app that provides virtual care via high-quality video and secure text messaging. Patients can view a physician’s pre-treatment consultation course and request video calls at any time.
Medici provides not only HIPAA-compliant chat and video calling software, but also other features such as real-time translation for more than 20 languages, built-in revenue dashboards, multi-patient and clinical workflow management systems.
- Medici offers both a free and paid plan that starts from $149.00 per month, per provider
- A robust mobile app gives doctors access to almost every feature on the go
- Patients easily get messages through mobile notifications
Mend
Mend is a cloud-based healthcare communication solution that enables patients and providers to connect and share files, messages, assessments, photos and data.
Mend provides options for integrating telemedicine software with electronic medical records. Users can share information with patients or within the organization using a drag-and-drop interface to upload files and invite patients to chat using email links.
Mend can also be used to collect health information from patients like consent forms, medical histories, scanned images of identification, case management documentation and more.
- Individual plans: $49 per month (if paid annually)
- Seven-day free trial
- Patient intake forms and appointment reminders are available for all plans
- No download needed
Chiron Health
Healthcare providers can take advantage of Chiron Health’s cloud-based video meeting services. This HIPAA-compliant tool offers EMR systems integration and streamlines workflow management, insurance verification and billing. Appointment calendars show physician availability and allow patients to schedule appointments.
Automated appointment reminders inform patients of upcoming appointments. The solution is able to automatically calculate patient payments such as co-pay and co-insurance.
- Independent plan: $150 per month, per provider ($1,440 when billed annually)
- Guarantees full reimbursement through private payers
- Unlimited live video visits, scheduling, automated appointment reminders, branded web app and email communications, and patient mobile apps available for all plans
- Integrates with EHR/PM tools
VTConnect
VTConnect offers a HIPAA and HITECH-compliant telemedicine solution to connect securely with clients from virtually anywhere, anytime using any device. Video conferencing technology enables not only individual sessions but also group sessions, allowing patients and providers to connect to the system via desktop and mobile devices.
VTConnect allows its users to enjoy features such as live chat, file sharing and data storage. End-to-end encryption and password protection are used to ensure the safety of PHI.
- Provides HIPAA-compliant legal and consent form templates starting from $45
- Individual plans: $49.95 per month with unlimited teleconferencing and signed BAA
- Professional plans: $199.95 per month (includes up to 5 practitioner licenses, unlimited teleconferencing and signed BAA)
- Virtual Online Office Portal for collecting payments, encrypted messaging, sharing documents and more
MegaMeeting
MegaMeeting is a robust, all-in-one solution for telemedicine services. For users, it is a platform that provides video conferencing and webinars in a single, user-friendly interface. Collaboration tools work seamlessly thanks to powerful communication features. Doctors can share their screens, share files and chat with patients. Unique access keys ensure the highest level of HIPAA-compliant security.
Additionally, each provider can integrate MegaMeeting telemedicine solutions with their existing health record systems and electronic scheduling.
- Plans start at $19 per month, per host when billed annually (for up to 20 attendees per meeting)
- 14-day free trial option before purchase
- Allows for private branding for a more professional look, as well as branded URLs through a custom DNS feature
- Meetings are recorded as .mp4 files
eVisit
The eVisit platform supports telehealth services for small and large medical providers, including private practices, hospitals, clinics, and health systems. eVisit also includes EMR integrations, scheduling and waiting room management, follow-ups on discharged hospital patients, scheduling on-demand appointments, managing prescriptions, all the way up to billing and payments, using payment links. Providers receive updates and notifications about patient wait times. Flexible scheduling enables both walk-in visits with on-call providers and appointment booking for telemedicine services.
- eVisit doesn’t offer a free trial or free version of the software
- Request a demo for pricing information
- All eVisit users have access to unlimited technical support
Webex for Healthcare
WebEx has described its WebEx for Healthcare video conferencing and mobile app as easy to use and easy to host. With WebEx, a provider has the ability to conduct remote video consults with patients, and message patients with quick answers to questions. Patients can book their own appointments through the calendar functionality within the app.
Webex is also ideal for group practices or organizations because you can use it to send documents to other providers, host team meetings, or training sessions, while still keeping client and organization information secure.
- Plans start at $13.50 per month, per host
- Customer support at any time
- A wide range of collaboration tools
Is WhatsApp/Facetime video conferencing HIPAA compliant?
WhatsApp (from Facebook) and FaceTime (from Apple) are communication platforms that allow users to send text and voice messages as well as make voice and video calls. Since WhatsApp and FaceTime are extremely widespread, people are wondering if they are secure enough to be used in the healthcare industry. Like any communication platforms used to transmit protected health information (PHI), they must be HIPAA compliant.
If these apps serve to transmit electronic PHI, WhatsApp and FaceTime are considered by law to be a business associate (BA) of the employing health care provider. To be deemed HIPAA compliant, the BA needs to execute a Business Associate Agreement (BAA) with the HIPAA-covered entity (health care provider). This agreement will outline all of the security measures that must be put in place to ensure the protection of PHI.
One of the main features of WhatsApp and FaceTime that makes health care providers think twice is end-to-end encryption of all messages. This is a great security feature that allows only the sender and recipient to see the transmitted data. The problem is that there are no access and authentication controls in place to prevent unauthorized app access.
We can safely conclude that due to security shortcomings and Facebook and Apple’s unwillingness to sign the BAA, WhatsApp and FaceTime are not HIPAA compliant.
The Bottom Line — Is Video Conferencing HIPAA Compliant?
As telemedicine becomes more popular, protecting the patient and their confidential information becomes a greater priority. More and more patients are choosing virtual visits over traditional office-based appointments, and healthcare providers will increasingly be challenged to comply with HIPAA regardless of the location or method of care.
While looking for the best HIPAA-compliant video conferencing solution, it’s important to understand exactly how these requirements are met across all areas of care. HIPAA compliance protects the patient, and your video conferencing solution must work hand-in-hand with that compliance. Complying with government PHI (Protected Health Information) rules starts with the right technology to offer the best services for your patients.