Is FaceTime® HIPAA compliant? Unfortunately, the answer is no. If you’ve been using Apple FaceTime for telehealth, it’s time to switch to a fully HIPAA-compliant telehealth solution before you incur legal penalties. In this article, we look at what Apple would need to do to make FaceTime HIPAA compliant for telehealth, and explore alternatives for secure HIPAA-compliant patient messaging platforms.
HIPAA compliance normally pertains to covered entities (health plans and providers, health care clearinghouses), which Apple FaceTime obviously is not. It could be argued that Apple FaceTime may be considered a conduit or a business associate in the eyes of HIPAA.
Apple® does not store any information sent via FaceTime, a peer-to-peer communication channel that transmits voice and audio communications between users and cannot decrypt sessions. Apple is therefore considered a business associate and is required to sign a BAA.
A BAA is a contract between a covered entity and a business associate that requires both parties to protect personal health information under the rules and regulations of HIPAA. Apple is not willing to sign a BAA; therefore, its services, including FaceTime, are not technically HIPAA compliant.
Since COVID-19 pandemic did so much to popularize telehealth services, healthcare providers are turning to telehealth companies, or even commercial messaging apps, for the convenient online services patients now appreciate and expect 1 .
To cope with the urgent need to adopt telemedicine services during the COVID-19 emergency, HIPAA was temporarily relaxed to allow covered healthcare providers to use Apple FaceTime to provide telehealth without the risk of HIPAA non-compliance penalties 2 . However, this relaxation of HIPAA rules for telehealth is set to expire on December 2024 3 . It is now up to healthcare organizations to adopt fully HIPAA-compliant telecommunications software before the deadline or face penalties.
Healthcare providers should notify patients that third-party applications such as Apple FaceTime are not HIPAA compliant and that other telehealth apps have declared themselves HIPAA compliant 4 4 . These include:
To successfully implement a HIPAA-compliant telehealth software platform, providers must require patients to complete necessary patient consent forms and agreements. Commonly used consent forms and agreements for online patient portals and telehealth platforms include:
Since Apple Facetime is not HIPAA compliant, we do not recommend using it as part of any telehealth solution. If you need a HIPAA-compliant video chat tool that integrates with your existing EHR, consider BridgeInteract.
BridgeInteract offers a comprehensive, modular suite of tools to engage patients along the digital care journey beyond telehealth. These patient engagement software tools include self-scheduling, appointment reminders, secure live chat, and a client-branded mobile app.
The BridgeInteract platform is SOC 2 certified and is fully customizable to meet your organization’s specific needs. All patient and client data is protected by robust encryption, advanced firewalls, and HIPAA-compliant cloud services.
In addition, BridgeInteract is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services.* To know more about the certified module, please check https://www.bridgeinteract.io/certifications/.
Unlike most commercial messenger and video call platforms, BridgeInteract is designed with HIPAA compliance from the ground up. Contact us to learn how we can help with your telehealth needs while enhancing patient engagement and ensuring full HIPAA compliance.
*This certification does not represent an endorsement by the US Department of Health and Human Services.
DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not endorsed or sponsored by or affiliated in any way with the service providers mentioned in this article.
