There are several existing platforms that seemingly would make a good home for a virtual behavioral health practice, for example Skype, but most of these means of connection fall short in providing the security, patient protection and licensure requirements that regulate behavioral health services in the United States.
While Skype does meet the HIPAA standard for 128 bit encryption, HIPAA compliancy also requires business associates agreements with any providers or health care organizations with whom they do business. Skype also would not allow audits on patient health information (PHI) should a security breach occur. This means that providers and other investigators of the breach wouldn’t be able to find out who had obtained that information, or what information had been compromised. Similarly, Skype’s user agreement allows them to share your traffic data with their group companies, carriers, and partner services providers/agents as they see fit.
Some platforms, like Apple’s FaceTime, can be HIPAA-compliant but only when providers and consumers are using wireless connections with WPA2 Enterprise security.
Additionally, providers who prescribe medications have to be especially careful doing so over the internet. The laws governing e-prescribing vary by state and are subject to strict regulation.
Providers who offer online services may be putting themselves at unnecessary risk by using the wrong platform to deliver care. There are HIPAA-compliant and secure telebehavioral health platforms, like Inpathy, that have the support in place to help you make the right decisions as you develop your virtual practice.
Daniayla Stein lives in the DC area as a Digital Communications professional. Daniayla is passionate about helping people help themselves through information and advocacy and frequently writes on behavioral health issues and healthcare policy. She graduated from Beloit College in 2012 with a degree in Anthropology and Creative Writing.