The big question – What are the specific HIPAA requirements for securing or encrypting video conferencing communication? Wherever healthcare and technology overlap the privacy and security of electronic transactions are governed by the Health Care & Portability Act. The use of video conferencing technology in health care is common practice today. Telemedine and Telehealth are used all over the country but specific HIPAA guidelines for encrypting video conferencing communications do not exist. My interpretation of the HIPAA rules as they apply to video conferencing are simply to treat the video conference connection like any other PHI data stream. All the major VC players seem to be using 128 bit Advanced Encryption Standard (AES). A 128bit encryption key is the minimum key size you can use for secure video communication and still maintain compliance.
Data communications are generally secured using 256 AES. The smaller 128 bit video encryption key algorithm is probably better suited for real-time video communications.
Some popular choices often used in secure unified communication systems are:
LifeSize Video Conferencing Products
Polycom Video Conferencing Products
Vidyo Video Conferencing Products
Thank you for this post. I’ve been trying to find information on video conferencing encryption requirements under HIPAA to determine if the new Cisco UMI Telepresence system might be a viable telepsychiatry solution for our remote rural community mental health clinic. I tried contacting Cisco and their tech chat person could not answer the question. Would you happen to know if anyone has explored the use of UMI Telepresence for telepsychiatry or telemedicine?