1 / 34

Based on the Work of

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency. Based on the Work of

darrin
Download Presentation

Based on the Work of

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Voice over the Internet Protocol (VoIP) Technologies…How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima, R., Moeini, S. & Firouzani, P. (2010).‘VOIP for telerehabilitation: A risk analysis for privacy, security, and HIPAA compliance’ . International Journal of Telerehabilitation: 3-14

  2. Selecting a Platform

  3. Most VoIP technology systems provide a very reliable, high quality, and competent teleconferencing session with their patients………However, to determine if the VoIP videoconferencing technologies are private, secure, and compliant with HIPAA, a risk analysis should be performed. Watzlaf, et al., 2010

  4. Skype, VSee or Other Vendors • Questions regarding 3 HIPAA requirements • Audit trails • Chat box information stored on company’s computers • VSee can track which accounts connect but does not know the time or the content • For a review of vendors visit: • http://www.telementalhealthcomparisons.com/ You will have to provide your email address to review these comparisons

  5. Let’s Take Specific VendorsOUT of the Discussion

  6. 2 Choices

  7. 1st CHOICEUse the HIPAA compliance checklist (prepared by Watzlaf & colleagues) and compare it to the VoIP technology software privacy and security policies provided by the software vendor and ask if they are willing to enter into a BAA (Business Associate Agreement)

  8. 2nd CHOICEPurchase HIPAA compliant software specific to VoIP with vendors that will walk you through each piece of the HIPAA legislation to make certain the software is private and secure and be willing to enter into a BAA (Business Associate Agreement)

  9. HIPAA Compliance Checklist for VoIP Checklist on NFAR website

  10. Example of Items on Checklist • Personal Information- Will employees and other users of VoIP software be able to listen in to video-therapy calls between patient and therapist? • Retention of Personal Information- Are video conferencing sessions for therapy services recorded? • Requests for Information from Legal Authorities etc.- Will personal information, communications content, and/or traffic data when requested by legal authorities be provided by the VoIP software company?

  11. Every potential user (therapist or healthcare facility) should review the privacy and security policies that are found on the VoIP software system’s website to determine if they answer the questions listed in this checklist….If the question is not addressed in the policy, then the user may want to contact the software company and ask them how the company will address a particular question(s).

  12. Next Steps……

  13. 1. Form a team that will examine VoIP software systems to determine if it meets federal (HIPAA), state, local, and facility-wide privacy and security regulations

  14. The team may consist of the provider attorney, risk management personnel, health information administrator/ privacy officer, security officer (IT), clinical directors/supervisors and counselors

  15. 2. Designate someone on the team to stay on top of all the changes videoconferencing software systems(federal state and local)

  16. 3. Educate all staff (not just counselors) on how to use software system for videoconferencing

  17. Training should include: • Privacy and Security related to HIPAA • Issues Related to PHI (Private Health Information) Exchange • Encryption • Spyware • Password Security • Use of Equipment by Counselor/Client • ATA Guidelines

  18. 4. Develop Patient Informed Consent Form • What therapy will be provided using the VoIP technology • How the technology will be used • Benefits associated with videoconferencing • Risks associated with videoconferencing (privacy and security) • Informed Consent Form reviewed by team attorney

  19. 5. Incident response is necessary and should include…. • documentation regarding the incident • the response to the incident, any effects of the incident as well as whether policies and procedures that were followed in response to the incident • if policies and procedures are not in place for incident response, then these should be developed with the security and privacy officers

  20. Suggested General Rules for VoIP Kuhn, Walsh, & Fries, 2005 National Institute of Standards and Technology

  21. Do not use the username and password for anything else but videoconferencing, change it frequently and do not make it easy to identify

  22. Avoid having computer viruses on the computer used for video conferencing

  23. Never use it for emergency services

  24. Consistently authenticate who you are communicating with especially when used for tele-therapy video sessions

  25. Focus on the transmission of data through video conferencing….. How that data is made private and secure during the telecommunication….How private and secure it is stored and released to internal and outside entities.

  26. Provide audit controls for using software applications so that they are secure and private

  27. There are threetypes of information security risks: Confidentiality, Integrity, and Availability

  28. Confidentiality refers to the need to keep information secure and private.

  29. Integrity refers to information remaining unaltered by unauthorized users.

  30. Availability includes making information and services available for use when necessary.

  31. VoIP Risks and Recommendationsrelated to Confidentiality, Integrity, and AvailabilityList on NFAR Website

  32. Information Security Risk & Recommendation Example See VoIP Risks and Recommendations Checklist

  33. All credit for this presentation goes toDr. Watzlaf and colleagues for allowing the use of their article as the basis for this presentation and allowing us to post the HIPAA Compliance Checklist and the Risk and Recommendations List on our Website

  34. www.nfarattc.org

More Related