If you are concerned about secure online sessions with clients, then you’ve come to the right place. We are too. You need to protect the privacy of all sessions that you have with clients, including any online sessions. For health professionals practicing in the United States, the Health Insurance Portability and Accountability Act (HIPAA) spells out privacy and security standards. You can access information about the HIPAA Security Standards on the Department of Health and Human Services website. Fortunately, you can use a standard platform for online meetings and comply with HIPAA requirements.
Get a free consultation with the experts at Therapy Everywhere to make scheduling new clients easier and more inviting. Click here to arrange a no-cost, no-obligation online meeting. Need more information about secure HIPAA compliant email with a HIPAA BAA? Click here.
What keeps an online video therapy appointment secure?
Security, according to HIPAA, means that your online session should provide end-to-end encryption. Access control must be in place so that the session cannot be accessed or intercepted by anyone other than the therapist and the invited client or clients.
Do you provide or recommend a solution for online video therapy sessions?
Our Schedule > Bill > Deliver solution will work with the online session platform that you choose, but we do recommend Citrix GoToMeeting. Citrix GoToMeeting is an online meeting solution that can help your practice deliver online sessions securely. (For more information about GoToMeeting and HIPAA, click here.)
Can a third party join a video session and compromise its privacy?
Your session should be limited only to invited participants.
How will I get paid for online video therapy sessions?
When clients book an online therapy session, our Schedule > Bill > Deliver solution enables you to specify if payment is required in advance.
Have more questions about delivering online video therapy sessions?
Reach out today to the experts at TherapyEverywhere for a free consultation. If you need more information about whether you are a covered entity under HIPAA, click here.
Specifics about how GoToMeeting can support HIPAA compliance
Is GoToMeeting HIPAA compliant?
Although HIPAA compliance per se is applicable only to entities covered by HIPAA regulations (e.g., healthcare organizations), the technical security controls employed in the GoToMeeting service and associated host and client software meet or exceed HIPAA technical standards. Furthermore, the administrative configuration and control features provided with GoToMeeting support healthcare-organization compliance with the Administrative and Physical Safeguards sections of the final HIPAA Security Rules.
The net result is that GoToMeeting may be confidently deployed as an outsourced remote-access component of a larger information-management system without affecting HIPAA compliance.
For more information about GoToMeeting and HIPAA, click here. The following provides a quicker, easier to review set of information about GoToMeeting for secure online sessions. HIPAA information on the GoToMeeting site should be considered authoritative.
- Meeting access is protected by a unique meeting code and optional strong password authentication
- Configurable failed log-in lockout threshold
- Meetings are not listed publicly, and access is restricted to invited participants
- Meeting organizer can easily disconnect attendees or terminate sessions in progress
- Organizer-configurable session inactivity time-out ensures that screen sharing is not enabled indefinitely
- Website inactivity time-out automatically logs users out of their GoToMeeting accounts
- All sensitive chat, session, and control data transmitted across the network is protected using the Advanced Encryption Standard (AES) with a 128-bit key
- A unique 128-bit AES encryption key is generated and securely distributed to all participants at the start of each session
Unique User Identification / Person or Identity Authentication
- Organizers and account administrators* use their unique email address as their login name; they must also enter a unique account password
- Meeting organizers must log in to GoToMeeting using a unique email address and account password
- Meeting access is protected by a unique code and optional strong password. Only invited participants may view shared meeting data
Emergency Access Procedure
- One-click meetings provide rapid, secure access to an online meeting from virtually anywhere, which may be used as a supplementary method for providing emergency access to healthcare information
Integrity and Integrity Mechanism
- Integrity protection mechanisms are designed to ensure a high degree of data and service integrity, working independently of any integrity controls that may already exist on the customer’s computers and internal data systems
- The presenter can choose to not share keyboard and mouse control, ensuring the integrity of application commands and inputs
- All executables are digitally signed
- All transmitted data is integrity protected using HMAC-SHA-1 message authentication codes
- GoToMeeting provides true end-to-end data security that addresses both passive and active attacks against confidentiality
- All transmitted data is integrity protected using HMAC-SHA-1 message authentication codes
- All sensitive chat, session, video, audio and control data transmitted across the network is protected using the Advanced Encryption Standard (AES) with a 128-bit key