We consulted with our compliance consultants and here's what they said about Facetime: “If Apple doesn't provide a business agreement or if its online terms indicate a business associate's availability, it shouldn't be used for PHI communication purposes. Even if the PHI is not disclosed, if used in a health environment, patients or medical files may be visible in the background, which would be considered PHI. But there is video conferencing software on the market that is HIPAA compliant.”

To learn more, visit www.verizonenterprise.com/us/industry/healthcare/

“Health care providers need to be aware that they are not only responsible for meeting HIPAA, but that HIPAA entrusts its partners with the responsibility of protecting protected health information,” says Chris Davis, solutions architect at Verizon Enterprise Solutions. “Verizon's ability to sign a BAA with a health care provider gives an organization confidence that Verizon is responsible for complying with legal requirements.”

The deadline for compliance with the final omnibus rule, which changes the implementation rules of the 1996 Health Insurance Portability and Accountability Act (HIPAA), was September 23, 2013. With the introduction of the revised regulations, many healthcare companies are stepping up their HIPAA compliance efforts by ensuring that companies have business association agreements with their cloud and other technology service providers. However, a recent Survey of Health Trading Partners conducted by Coalfire found that less than half of the trading partners surveyed currently report that they are compliant with HIPAA and the omnibus final rule.

Our experts also talk about encryption and encryption keys and why they are important. They also draw attention to the important questions you should ask as a health care provider when selecting a health IT service provider.
Finally, and not least, they stress the importance of thinking longer term about whether your supplier is financially stable and whether it will be in business not only this year, but also next year.

Then there is the necessary BAA. Good luck if you push general technology providers to sign a HIPAA-compliant business agreement. This is not their main business and they cannot adapt their entire suite of services (and security) to meet a client's health needs. This applies to SMS as well as e-mails.
We again spoke with our compliance consultants and they responded with this information: HHS has guidelines on cloud computing, stating that cloud service providers (CSPs) are generally not considered lines: “CSPs that provide cloud services to a covered company or business partner that include creation, reception or management (for example, the processing and/or storage) of secure health information (ePHI) comply with the definition of a business partner, even though the CSP cannot display the ePHI because it is encrypted and the CSP does not have decryption. As noted in the previous guidelines, the line exception is limited to only PHI transmission services (in electronic or paper form), including temporary storage of PHI incidents during such transmission. All access to the PHI through a channel is only temporary. On the other hand, a CSP that maintains ePHI for storage purposes is qualified as a business partner and not as a channel, even if the CSP does not actually see the information, because the entity has more sustainable access to ePHI. In addition, when a CSP provides transmission services to a covered entity or counterparty, the CSP remains a counterparty for this ePHI transmission, in addition to maintaining ePHI for information processing and/or storage purposes.”