Secure HIPAA Compliant Video Conferencing Solution Development
Technosoft has developed many HIPAA compliant Video conferencing/chat solution for many healthcare organizations. These solutions have been used in CCM as well as other disciplines.
Since early 2000, we have been creating such kind of solutions for companies that are based on the US healthcare market. We have senior HIMSS Certified Healthcare Security Professionals in our staff. Moreover, we have a wide knowledge of HIPAA privacy and security along with its applications.
Our HIPAA compliant video conferencing solution for our clients
Our HIPAA compliance video chat solutions for our clients:
- OpenTok SDK
- AddLive implementation
- Zoom SDK
- SightCall SDK
HIPAA and Healthcare Information
HIPAA, the Health Insurance Portability and Accountability Act, consists of the standards for protecting sensitive data of patients.
It has some requirements that guide its management and imposition, including some relevant to Health information technology and also the electronic exchange of health information:
- HITECH Act
- Security Rule
- Privacy Rule
HIPAA Privacy Rule deals with Protected Health Information (PHI). The HIPAA Security Rule (SR) deals with electronic Protected Health Information (ePHI), which is mainly a part of what the HIPAA Privacy Rule covers. The HITECH Act specifies levels of violations and punishments for violations of the HIPAA rules.
How Technosoft protects Health information with HIPAA
Following are the structures Technosoft have, to protect health information:
Technosoft’s protection frames basis for immediate video, audio and data communications take advantage of Amazon Web Services. Amazon Web Services provides a very expandable as well as a highly safe platform that allows customers to send out and use applications and data quickly and securely.
A distributed network with small delay multimedia routers lies on Technosoft’s communications infrastructure. With these routers, all session data starting from the host’s device and arriving at the participants’ devices is dynamically switched, and hence, never stored continuously through the Technosoft communications infrastructure.
Technosoft can protect session data by encrypting the communication channel between the HIPAA compliance video chat users using Transport Layer Security (TLS) encryption tunnel.
4. Media Storage
Technosoft allows users to record e-PHI videos. Technosoft never stores these files on its servers and does not make it available for use. Files are only stored on a user’s computer or HIPAA-cooperative EHR system.
WebRTC and HIPAA
There are two types of solutions for combining video with the applications i.e. WebRTC based and Proprietary. WebRTC is an open standard that allows developers to add video chat ability into a web application using the internet and to increase the quality of sound and video. It also provides SDK/APIs for mobile integration on Android and iOS.
Architecturally, there are server-based and cloud-based solutions available for both webRTC and proprietary technologies. The HIPAA security rules purposely do not deal with the video conferencing solutions, However, we believe that the solution needs to use https for streaming to avoid secretly listening in calls. That covers keeping information private and completeness of data part of the HIPAA security act. We make sure of the availability by an uptime SLA with the dealer.
Technosoft WebRTC illustration
1. Signing Data is transferred through NAT or STUN server and then peer to peer connection is established via internet connection between the two calling parties.
2. If firewall bans signing then whole communication happens through the TURN server. In this case, this is not a peer to peer communication and all data is transferred through the TURN server.
We have already developed many softwares that help us quickly deliver a HIPAA compliant solution. All our healthcare software goes through a strict HIPAA checklist.
We have HIPAA policies applied in our organization and we will be glad to sign a HIPAA Business Associate Agreement for software development or support service contracts.