Medical Privacy Gets Complicated as Doctors Turn to Video Chats

Thomas Germain

April 14, 2020 at 5:34 PM·6 min read

Consumer Reports has no financial relationship with advertisers on this site.

Ash Bowen M.D., a urologist with the University of Oklahoma Health Sciences Center in Edmond, started rescheduling patients' appointments on March 18.

To slow the spread of coronavirus, the university said that essential procedures could still be carried out in person, but any other appointments had to be put off until June or conducted remotely. “We got about a week heads-up,” Bowen says.

The university has a contract with a telemedicine service called Amwell to let doctors video-chat with patients. The software is built to protect medical privacy and security, but some patients ran into difficulties using it. Bowen felt compelled to turn to other services, even if they weren't set up for healthcare. "For those who had trouble," he says, "we had to use Skype and Zoom."

Doctors attached to a large hospital, like Bowen, are likely to already have an arrangement with a telemedicine provider. These services meet strict privacy and security guidelines laid out by HIPAA, the Health Insurance Portability and Accountability Act.

But small medical practices may not have a telemedicine provider in place.

To encourage the use of telehealth during the pandemic, the government has temporarily stopped enforcing some HIPAA rules, letting doctors turn to familiar video-chat providers such as FaceTime, WhatsApp, and the free consumer versions of apps like Skype and Zoom.

None of these services have to follow HIPAA guidelines, but they're easy to use and often more familiar to patients and doctors. Setting up a new relationship with a HIPAA-compliant service can take time, money, and technical effort that some providers can't spare in a crisis.

“Obviously, there's tremendous value in being able to talk to a doctor remotely—especially right now,” says Justin Brookman, director of privacy and technology policy at Consumer Reports. “But with the HIPAA waiver, the tech companies that connect you to your doctor aren't bound by any privacy and security rules. Connecting despite that risk may well be worth it to you, but it's important to know that the normal safeguards aren't in place."

Here’s a rundown on which apps are built to protect your health data, and what the privacy and security trade-offs are if you use a service not covered by HIPAA.

Services That Comply With HIPAA

The Department of Health and Human Services Office for Civil Rights (OCR)—that’s the agency charged with enforcing health privacy rules—provides a short list of video conferencing services that say they’re HIPAA-compliant. The list may not include every service:

Amazon Chime
Cisco Webex Meetings and Webex Teams
Doxy.me
Google G Suite Hangouts Meet
GoToMeeting
Skype for Business and Microsoft Teams
Spruce Health Care Messenger
Updox
VSee
Zoom for Healthcare

To follow HIPAA, a teleconferencing service needs to sign a “Business Associate Agreement,” or a BAA, with the healthcare provider who wants to use it. The service needs to guarantee that it will follow the same kinds of privacy rules a doctor would.

Personal health information, whether it's videos or electronic medical records, needs to be encrypted to limit access to only the patient, the healthcare provider, and other authorized people. A teleconferencing company can't share any identifiable patient data for purposes healthcare providers haven't approved, and it needs to undertake security audits to make sure their data is well protected.

“HIPAA ensures a level of accountability,” says James Koons, a founding partner at the consulting firm Data Privacy & Security Advisors. Businesses that sign BAAs and then break the rules can be liable for civil and criminal penalties. Businesses also need to report significant data breaches and make information about their practices available to the Department of Health and Human Services.

The rules don't apply to typical video conferencing services meant for consumer or corporate communications.

“The priority at this moment, with this crisis, is to make it as easy as possible for people to get to healthcare where they are on the devices that they have,” says Roger Severino, director of the OCR, in discussing the agency's decision to relax the rules. “We're taking these steps to be as flexible and nimble as possible.”

But the agency says services designed for shared broadcasts—like Twitch, Facebook Live, and TikTok—still aren’t allowed or appropriate for telemedicine.

What You Can Do

Your doctor should be able to tell you whether a service he or she is suggesting is HIPAA compliant, but Koons says a quick visit to a company’s website can help clear things up as well.

Koons says services that make the effort to comply with HIPAA usually go out of their way to explain the procedures they follow. For instance, a long document on GoToMeeting’s telehealth services website provides details about technical safeguards like encryption and how the app is configured to keep calls private.

On the other hand, Koons says you shouldn't rest easy just because you see the word "HIPAA" somewhere on a website. Some companies that aren't legally obligated to follow health privacy guidelines use the phrase "HIPAA compliant" for marketing purposes.

Technically, such a company might be complying with HIPAA; that's easy if they aren't covered by the law at all. Imagine a bag of apples labeled "gluten free" and you get the idea.

Adding a layer of confusion, some companies offer some products that are HIPAA-compliant and others that aren't. Examples include Google, GoToMeeting, Skype, and Zoom. (The consumer version of Zoom has been beset by privacy concerns, but a Zoom spokesperson says the HIPAA-compliant product has much stricter protections.)

Bowen, the Oklahoma urologist, eventually found a work-around that was both HIPAA-compliant and easy for patients to figure out. Doxy.me, a service built for telehealth communications, offers a free version that doctors can set up in a matter of minutes, and patients don’t need to download special software.

You can ask your provider to set up Doxy.me or another HIPAA-compliant videoconferencing service, but that's not always possible.

But if you and your doctor don't need to see each other during a consultation, a spokesperson at the American Medical Association offers a simpler solution: “Patients can speak to their physicians via telephone." It's old-fashioned—and private.

Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2020, Consumer Reports, Inc.

Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Finance
These 3 stocks are poised to benefit from the massive energy transition
The energy transition will benefit companies providing electrical needs for surging demand. Analysts point to these three stocks as a Buy.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more
Miami Heat president Pat Riley rebuked comments Jimmy Butler made about the Boston Celtics and New York Knicks, while also implying that his star needs to play more.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Yahoo Sports
NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series
Our NBA staff makes its picks for Knicks-Pacers and every second-round series.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Finance
Fed’s Kashkari: Rates will stay high for 'extended period' and can't rule out a hike
Minneapolis Fed president Neel Kashkari said interest rates will likely stay at current levels for an "extended period" and didn't rule out a hike if inflation stalls near 3%.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
The best RBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Autoblog
Edmunds bought a Fisker Ocean, warns others not to make the same mistake
Edmunds bought a Fisker Ocean and details the highs and lows of ownership while warning others not to make the same mistake.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Medical Privacy Gets Complicated as Doctors Turn to Video Chats

Services That Comply With HIPAA

What You Can Do

Recommended Stories

Former NBA guard Darius Morris dies at 33

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

The FDIC change that leaves wealthy bank depositors with less protection

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

These 3 stocks are poised to benefit from the massive energy transition

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

Social Security just passed Medicare as the government's most pressing insolvency risk

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series

The best budgeting apps for 2024

Fed’s Kashkari: Rates will stay high for 'extended period' and can't rule out a hike

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

The best RBs for 2024 fantasy football according to our analysts

Edmunds bought a Fisker Ocean, warns others not to make the same mistake