As of now (last confirmed in March 2020), the price for Zoom's HIPAA-compliant plan is a minimum of $200/month with a 12-month commitment. As with most serious telehealth software, don't expect to simply jump on Zoom's website and get a HIPAA-compliant plan you can use for a few weeks.
Zoom Pricing
| Name | Price |
|---|---|
| Basic | Free |
| Pro | $14.99 per host per month |
| Business | $19.99 per host per month |
| Enterprise | $19.99 per host per month |
Because FaceTime is peer-to-peer and uses end-to-end encryption, Apple does not store any FaceTime sessions on their servers, nor do they have the ability to decrypt live FaceTime sessions. With this information, we are confident that Apple's FaceTime is a HIPAA-compliant solution.
Zoom's HIPAA/PIPEDA compliant Epic app empowers patients, physicians and other healthcare professionals to communicate face-to-face with Zoom video during Epic appointment visits.
In the course of providing services to healthcare customers, the Zoom Platform and Zoom Phone enable HIPAA compliance for covered entities.
Installing from the Zoom Marketplace
- Log in to your Zoom account and navigate to the Zoom Marketplace.
- Search for Epic and click the app.
- If the app is not pre-approved, contact your Zoom admin to approve this app for your account.
- Click Install, confirm the permissions the app requires and choose Allow.
Zoom is available free of charge to anyone and the basic free version offers all the facilities most people will need. However, as with anything, you get what you pay for.
We've found that many providers think communicating electronic protected health information (ePHI) via Skype, FaceTime, Google Hangouts, or another standard commercial video conferencing platform is perfectly HIPAA-compliant. In fact, they are not.
Simply put, FaceTime is not HIPAA compliant and using it in a setting where telehealth or telebehavioral health professionals are treating clients is a major violation of federal regulation. FaceTime calls are hosted by Apple and do not meet HIPAA encryption requirements.
Telemedicine is a specific kind of telehealth that involves a clinician providing some kind of medical services and can include, but is not limited to, the following applications: the use of video conferencing for patient consultations, patient portals and/or sending images for diagnosis, remote monitoring of vital
Making G Suite HIPAA Compliant (by default it isn't)
- Obtain a BAA from Google. One important requirement of HIPAA is to obtain a signed, HIPAA-compliant business associate agreement (BAA).
- Configure Access Controls.
- Set Device Controls.
- Google Drive.
- Gmail.
Skype for Business is HIPAA compliant as long as the covered organization signs a Business Associate Agreement (BAA) with Microsoft as specified in the HIPAA rules. This has been the case since Office 365 was released. To be very clear, Skype for Business is a completely different product than Skype.
Hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies are considered Healthcare Providers and need to be HIPAA compliant. Examples of Health Plans include health insurance companies, HMOs, company health plans, Medicare, and Medicaid.
Conclusion: Facebook is not HIPAA compliant because it will not sign a BAA. However, covered entities can use it—as long as they do not share any PHI.
For a phone call to be HIPAA compliant, covered entities must state their name and contact information before addressing the purpose of their call. Patients cannot be charged for phone calls or text messages and calls can only be made to the wireless phone number the patient provided.
HIPAA does not protect all health information. Nor does it apply to every person who may see or use health information. HIPAA only applies to covered entities and their business associates.