When it comes to telehealth, one might think that all we need to do is fire up Zoom or Skype to talk to doctors or patients on the other end. Unfortunately, it’s not so simple due to security and privacy regulations. More specifically, not all video conferencing apps are HIPAA compliant.
In case you're wondering what HIPAA is, here’s an article that explains everything you need to know about HIPAA Compliance.
Did you know that any clinic that willfully neglects HIPAA rules is liable to pay $50,000 for each violation, up to a maximum of $1.5 million per year? For most clinics operating on tight margins, this is enough to shutter their doors permanently.
To provide telehealth services to patients, your video chat app must comply with HIPAA by using strong data protection measures to protect the patient from privacy breaches and your clinic from stiff penalties for not complying with HIPAA.
What Is HIPAA Compliant Video Conferencing?
HIPAA compliant video conferencing means that any information, including protected health information (PHI), transmitted over video, audio, or text is carefully safeguarded against data breaches using stringent encryption, security, and privacy standards. To keep medical records and patient information safe, both the HIPAA Privacy Rule and the Security Rule apply.
Why is HIPAA Compliance Important for Telemedicine?
These security and privacy rules, together with the Minimum Necessary requirement, a signed Business Associate Agreement (BAA), and data encryption, matter because patient data and medical records are highly sensitive: in the wrong hands, this information can be used to victimize patients through identity theft or other foul play.
As such, these rules are in place to protect the patient and to guard clinics and health practitioners against civil or even criminal penalties for noncompliance.
10 Best HIPAA Compliant Video Chat Solutions
We analyzed some of the top video conferencing solutions for telemedicine, what features they offer, how they ensure their apps are HIPAA compliant, and which platforms they support.
1. Zoom for Healthcare
Image Source: Zoom Healthcare live demo (video screenshot)
Zoom is a widely popular platform for hosting virtual meetings from anywhere in the world. However, the main platform is not HIPAA compliant. To meet compliance requirements specifically in healthcare, Zoom created a separate piece of HIPAA compliant video conferencing technology, Zoom for Healthcare.
Zoom for Healthcare offers consistent HD video and audio even in slow connections. Another feature designed for healthcare situations is that it integrates with Epic, a cloud-based EHR solution used widely by hospitals and clinics.
How Zoom for Healthcare Ensures HIPAA Compliant Chat:
Most importantly, Zoom for Healthcare has a signed Business Associate Agreement (BAA) that stipulates securing personal information and medical data using AES-256 encryption standards.
Platforms Supported by Zoom for Healthcare:
Desktop/Web: Zoom Meetings & Zoom Rooms
Browser extensions: Chrome & Firefox
Plugins: Outlook & Lync
Mobile: iOS & Android
2. Doxy.me
Image Source: Doxy.me (screenshot)
Features under the free plan include text chat, video calling, HIPAA compliance, end-to-end encryption, and all the basics to make a telehealth app work. This app also contains premium features under paid plans such as group calling, screen sharing, custom BAA, dedicated customer success management, and much more.
How Doxy.me Ensures HIPAA Compliant Chat:
Doxy.me does not store protected health information (PHI), secures data with intrusion detection systems and has disaster preparation plans in place. The app also uses AES-256 end-to-end encryption backed with Federal Information Processing Standard (FIPS) 140-2 key management infrastructure when storing data in the Amazon Web Services EBS. Doxy also has ongoing monthly reviews to ensure HIPAA compliance.
Browsers Supported by Doxy.me:
Since Doxy.me is a browser-based web application, it can run on any device that has one of the following browsers:
Desktop/Web: Chrome, Firefox, Safari
3. Thera-LINK
Image Source: Thera-LINK demo (video screenshot)
Like Doxy.me, Thera-LINK is a browser-based telehealth application platform. Although it does not come with a free plan, Thera-LINK comes with scheduling features and bandwidth auto-detection to ensure the right video quality is selected automatically without any user input. It also offers secure messaging even when patients or doctors are not in session.
How Thera-LINK Ensures HIPAA Compliant Chat:
Thera-LINK also ensures HIPAA compliance with BAA included in all of their plans, data protection with hashed passwords, HTTPS and TLS encryption with Strict Transport Security (HSTS), PHI and video encryption with AES-256, and HIPAA certified support staff on call 24/7/365.
Browsers Supported by Thera-LINK:
Thera-LINK is a browser-based web application, so it can run on any device that has one of the following browsers:
Desktop/Web: Chrome, Firefox, Safari 11+
Android: Firefox, Chrome (on newer devices only)
4. VSee
Image Source: VSee
VSee is a highly robust telehealth platform that supports a variety of HIPAA compliant telemedicine solutions for different clinical specialties, including urgent care, speech therapy, dermatology, family medicine, physical therapy, remote patient monitoring, and more.
What’s special about VSee is that their all-in-one tool offers you the ability to build custom-built workflows using only the features you need. Its free plan includes unlimited one-on-one video calling, whether using an app or a browser, unlimited secure messaging, screen sharing with live annotations, and file transfers using end-to-end encryption.
VSee provides a variety of HIPAA compliant telemedicine technologies such as hardware with peripheral device streaming, including telemedicine kits with otoscopes, USB stethoscopes, and ultrasound used for remote consultations over video. VSee Clinic can also be used to simplify the patient experience with efficient workflows that free up time for both doctors and patients.
Clinics can use the VSee SDK and API to build a telehealth portal that integrates HIPAA compliant video conferencing with waiting rooms, triage centers, EHR screen sharing, secure messaging, and wearable devices.
How VSee Ensures HIPAA Compliant Chat:
VSee ensures HIPAA compliance not only by protecting PHI and data privacy in all audio and video communications through secure encryption, but also by offering a BAA that stipulates that all patient information be kept secure and that any breach of PHI be reported immediately.
Platforms Supported by VSee:
Desktop: Windows & MacOS
Mobile: Android & iOS
5. GoToMeeting
Image Source: GoToMeeting Healthcare
When people think of video conferencing, they tend to think of Zoom and GoToMeeting. Like Zoom, GoToMeeting is a widely familiar video conferencing and screen-sharing platform used not only for telehealth, but also for personal and business purposes.
For telehealth, GoToMeeting provides two products: GoToMeeting and GoToConnect, both of which are HIPAA compliant. The difference between the two is that GoToMeeting is a dedicated video conferencing solution, while GoToConnect is a customizable cloud-based phone system that also includes video. GoToMeeting offers HD video, enhanced audio, and encrypted sessions that enable healthcare providers to securely connect with their patients from anywhere.
How GoToMeeting Ensures HIPAA Compliant Chat:
To maintain HIPAA compliance for telehealth conferencing, GoToMeeting uses AES-256 encryption for both video calls and data at rest, a signed BAA, and multiple security features such as meeting lock, unique passwords, and risk-based authentication with enterprise-grade SSO.
Platforms Supported by GoToMeeting:
Desktop/Web: Windows & MacOS
Mobile: Android & iOS
6. Medici
Image Source: Medici’s Facebook page
Medici is a mobile-only telehealth app built with Apple’s HealthKit that provides virtual care over high quality video and secure text messaging. It includes features such as seamless EHR integrations that help doctors focus on providing appropriate diagnoses and treatments without a steep technological learning curve.
Unlike many other telemedicine platforms, Medici is a SOC 2 compliant lightweight solution that seamlessly integrates into existing workflows so that clinics don’t have to restructure their internal processes to fit telehealth in their doctor-patient services. Not only does Medici provide HIPAA compliant chat software and video functionality, but also other features such as chat translation, built-in revenue dashboards, multi-patient and clinical workflow management systems.
How Medici Ensures HIPAA Compliant Chat:
Medici has HIPAA compliant security and privacy controls, including encryption, to protect electronic PHI and medical data. Their internal review teams have reviewed this platform to make sure it complies with HIPAA from the client-facing mobile apps to the backend servers, and everything that happens in between.
Platforms Supported by Medici:
Mobile: iOS & Android
7. Pexip Health
Image Source: Pexip Apps page
Pexip Health is a video platform that makes it easy for both patients and providers to join secure, HIPAA compliant video chat from any device, with no software downloads or plugins required. Pexip enables clinics and patients to use their own systems to connect with each other securely and privately.
Clinics can integrate Pexip Health with existing workflows including their own telehealth carts and video conferencing systems such as Microsoft Teams, Skype for Business, or Google Meet.
Like Zoom for Healthcare, Pexip Health natively integrates with Epic EHR. Even if clinics don’t use Epic, they can use flexible APIs to help integrate Pexip with their own EHR systems such as Cerner, eClinicalWorks, and others.
How Pexip Ensures HIPAA Compliant Chat:
Pexip Health uses enterprise-grade HIPAA compliant chat software with AES-256 encryption for video conferencing, along with other security protocols, to maintain privacy and strict data protection. Beyond SOC 2 compliant data centers, Pexip also follows FIPS 140-2 standards to ensure it offers a HIPAA compliant app.
Platforms Supported by Pexip:
Pexip provides their solutions as self-hosted, SaaS, private cloud, or through integrations with existing systems including Skype for Business, Microsoft Teams, and Google Meet. The self-hosted solution can be deployed in Microsoft Azure, AWS, Google Cloud Platform, or private cloud services.
8. eVisit
Image Source: eVisit Platform Overview
eVisit is a virtual care platform that delivers remote care via video conferencing for many specialties. It also includes EMR integrations, scheduling and waiting room management, follow-ups for discharged hospital patients, on-demand appointment scheduling, prescription management, and billing and payments.
In short, clinical workflows, including filling out forms and answering questionnaires about medical history and allergies, are fully replicated within eVisit’s virtual workflow.
How eVisit Ensures HIPAA Compliant Chat:
The eVisit platform secures all patient data and medical records in their proprietary eVault, which is a double-encrypted high-security database. The company also has published several guides on HIPAA compliance, which presumably means that they have an internal team ensuring that all best practices on data security, privacy, and confidentiality are being followed at all times.
Platforms and Browsers Supported by eVisit:
Supported Browsers: Chrome, Firefox, Safari
Mobile: Android & iOS
9. RingCentral
Image Source: RingCentral Developers
RingCentral is a cloud-based phone and video system that fits the needs of many industries, including healthcare. All plans include unlimited video meetings, cloud storage for recordings, voicemail-to-text, team messaging, CRM integrations, and in-app file sharing. RingCentral for Healthcare includes patient management tools that put connectivity with patients as well as data security at the forefront.
One unique advantage that RingCentral offers over other telehealth platforms is its composability. RingCentral is an open platform with developer APIs for team messaging, voice, SMS, and video meetings, and it enables developers to integrate their RingCentral app with applications from over 200 companies, including Microsoft, Google, Salesforce, HubSpot, Box, and Slack, to name a few.
Therefore, if a highly customized workflow that uses existing tools is a priority, RingCentral offers almost all the APIs and integrations necessary.
How RingCentral Ensures HIPAA Compliant Chat:
RingCentral is not only HIPAA compliant with a signed BAA and top-of-the-line encryption, but also HITRUST CSF certified. HITRUST CSF is “a security framework that provides organizations with a comprehensive and flexible approach to HIPAA compliance and risk management” (Compliancy Group, 2019).
Platforms Supported by RingCentral:
Desktop/Web: Windows & MacOS
Mobile: Android & iOS
10. SimplePractice
Image Source: SimplePractice AppStore
SimplePractice Telehealth is a HITRUST and HIPAA compliant telehealth app that allows doctors and patients to connect through a secure video meeting for virtual consultations. Patients can book their own appointments through the calendar functionality within the app.
However, while this may be planned for the future, SimplePractice does not offer a public API or any integrations at this time. Until then, SimplePractice is a closed system that serves as an off-the-shelf solution ideal for clinics that need to implement telehealth as quickly as possible.
How SimplePractice Ensures HIPAA Compliant Chat:
SimplePractice has an internal Security and Privacy Program and a signed BAA that incorporate requirements from HIPAA, HITRUST CSF, NIST, and PCI DSS, among other frameworks. To ensure compliance, they use access control policies, AES-256 encryption, and 24/7 vulnerability monitoring to protect their networks and all endpoints.
Platforms Supported by SimplePractice:
Desktop/Web: Windows & MacOS
Mobile: iOS & Android
How to Add HIPAA Compliant Video Conferencing Technology to a Telemed App
The key to building in video functionality to a telemedicine app is to plan ahead for scalability. If the app succeeds, more people will use it, thus requiring more bandwidth and server capacity.
We created an article that covers the technical side of embedding video into telehealth apps and includes flowchart diagrams to help visualize what the backend architecture might look like. Backend technology may include, for example, AWS EBS for data storage, as mentioned above. Other cloud services such as Google Cloud Platform are also available to support the app’s usage, bandwidth, and functionality.
One critical piece of technology for HIPAA compliance is encryption. HIPAA compliant apps must use encryption technologies that support AES-256. Additional protections may be layered on top, such as FIPS 140-2 key management and HTTPS/TLS with HTTP Strict Transport Security (HSTS). CometChat Pro also provides HIPAA compliant chat APIs and SDKs with strong encryption and data security to meet HIPAA compliance requirements for telemed apps.
Another must-have is WebRTC, an open real-time communication framework used in telehealth app development that offers video calling, recording storage, and secure messaging features for mobile apps, desktop applications, and web browsers. For the frontend, many telehealth apps use React and React Native, which help the app run quickly and on multiple platforms.
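The HSTS and TLS requirements above are easy to state and easy to get subtly wrong (a short max-age, no includeSubDomains, an old TLS floor). The following is an added example, not code from CometChat or any vendor listed here: it parses a Strict-Transport-Security header, grades it against a one-year policy, and builds a client TLS context that refuses anything below TLS 1.2. The response headers and the policy threshold are constructed for illustration.

```python
"""Check the transport-security posture a HIPAA telehealth web app should present."""
import ssl

# Assumed policy: one year, the common minimum for HSTS preload lists
MIN_MAX_AGE = 31536000


def parse_hsts(header: str) -> dict:
    """Parse 'max-age=...; includeSubDomains; preload' into a directive dict."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def hsts_findings(headers: dict) -> list:
    """Return findings for a response's HSTS policy; an empty list means acceptable."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["HSTS header missing: browsers may fall back to plain HTTP"]
    d = parse_hsts(value)
    try:
        max_age = int(d.get("max-age", ""))
    except ValueError:
        return ["HSTS max-age missing or not an integer"]
    if max_age == 0:
        findings.append("max-age=0 disables HSTS for this host")
    elif max_age < MIN_MAX_AGE:
        findings.append(f"max-age {max_age} is below one year ({MIN_MAX_AGE})")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains absent: subdomains stay unprotected")
    return findings


def strict_tls_context() -> ssl.SSLContext:
    """Client context that verifies certificates and rejects TLS older than 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


# Constructed sample responses: one acceptable, one with a weak policy
GOOD = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}
WEAK = {"strict-transport-security": "max-age=300"}
```

Run `hsts_findings(WEAK)` to see both the short max-age and the missing includeSubDomains reported; `GOOD` yields no findings.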
Get More Information About Developing a HIPAA Compliant Chat App
If you’re considering building a custom telemedicine app and need to make sure it has HIPAA compliant chat, we provide in-depth documentation and step-by-step tutorials that show you how to get started.
Check out our free tutorials on building a HIPAA compliant video conferencing app:
We help you build safe and secure chat apps with our HIPAA compliant chat APIs & SDKs.
Sign up to our developer dashboard and start building your chat app for free!
About the author
Nabeel Keblawi, a deaf entrepreneur, runs a Content Marketing and SEO agency that helps B2B SaaS companies grow organically in their industries around the world. His previous work experience involved software development, renewable energy, and cloud computing. In his personal life, Nabeel loves to go hiking with his family, and dust off his skis to hit the slopes given the chance. He is also an avid reader of fictional history.