The Online Therapy Institute posted the following regarding the question of Skype and HIPAA Compliance Breakthrough http://www.breakthrough.com recently received a written statement from a Skype representative and with Breakthroughâs permission I am sharing this information. Skype is not a business associate subject to HIPAA nor have we entered into any contractual arrangements with covered entities to create HIPAA compliant privacy and security obligations. Instead, Skype is merely a conduit for transporting information, much like the electronic equivalent of the US Postal Service or a private courier. Skype does not use or access the protected health information (PHI) transmitted using our software. However, Skype has implemented a variety of physical, technical and administrative safeguards (including encryption techniques) aimed at protecting the confidentiality and security of the PHI that may be transmitted using Skypeâs calling and video calling products. ~ Harvey Grasty (For source, click here)
A few experts have raised the question are Skype and other commercial video conferencing any different from cell phone companies? Skype may not be a viable alternative to carry telehealth operations, as it does not offer practitioners a Business Associate Agreement. Unlike some other video-conferencing providers, Skype does not offer an option of becoming a Business Associate in accordance to HIPAA law. One could argue though, that psychotherapists do not have a HIPAA Business Associate Agreement with their phone company, such as Verizon or AT&T, when they talk to clients on the phone in between f2f sessions or as part of Telehealth practice. Similarly, psychotherapists, counselors and social workers do not have business associate agreements with the US Postal Service or UPS.
AdventureInTherapy.com has posted an interesting blog on the topic:
Skype and modern cell phones use the same basic protocol to communicate (packet switching), but basically what happens is that when you make a call, Skype or your cell phone operator sets up a connection between you and the person you are calling and then steps out of the way, leaving you and that person to talk as if you had your own circuit. Both Skype and cell phones encrypt the data they send. If anything, the AES encryption method used by Skype is probably more secure than the 30-year old A5/1 encryption method used in most cell phones. AES is approved by the government for top-secret information while A5/1 has already been partially broken.