BlueJeans Blog

HIPAA-Ready Secure Video Conferencing

What is HIPAA-compliance?

The Health Insurance Portability and Accountability Act (HIPAA ) is a federal law designed to safeguard and secure your protected health information (PHI) while permitting healthcare providers to access pertinent healthcare information.

Why is HIPAA-compliance important?

Healthcare facilities and their vendors collect vast volumes of personal data from patients every day. Compliance is essential to ensure privacy and confidentiality while reducing fraudulent activity. Any breach, whether the loss or theft of patient information, can result in fines, criminal charges, loss of patient confidence, and reputational loss for a health care organization.

How does HIPAA-compliance apply to video conferencing?

Video conferencing has become a critical tool during the pandemic, allowing healthcare professionals to continue to care for patients while reducing the spread of the disease. However, since telehealth video conferencing can involve the transmission of PHI and electronic protected health information (ePHI), it must adhere to the HIPAA Privacy Rule and the Security Rule.

  • The Privacy Rule. The HIPAA Privacy Rule gives individuals the right to their own health information and sets rules on who can view and receive it. The Privacy Rule also establishes standards for protecting patients’ medical records and other PHI while allowing health professionals to share relevant data to protect the patients’ health.
  • The Security Rule. Otherwise known as the Security Standards for the Protection of Electronic Protected Health Information, this law requires Covered Entities and Business Associates to protect electronic patient health information (ePHI) by using the appropriate administrative, physical, and technical safeguards to guarantee the information’s confidentiality, integrity and availability.

A video conferencing platform that enables HIPAA-compliance protects against data breaches and other HIPAA violations. Many popular video-conferencing tools simply aren’t HIPAA-compliant, which means they can’t legally be used to provide remote care.

The importance of patient security.

For a long time, BlueJeans has focused on our platform’s overall security. We understand the critical importance of protecting PHI and treat security and privacy issues seriously. That’s why we’re committed to providing industry-leading protection settings with the goal of delivering safe and secure telehealth video conferencing from any device, anywhere.

Cybersecurity and healthcare.

Although Telehealth has expanded the healthcare system’s reach and impact, the connectivity that makes it possible also leaves the data transferred vulnerable to attack. Due to the intrinsic privacy and security risks, all healthcare providers must embrace more rigorous standards and minimize threats. That’s why it’s important to use a video conferencing platform with key security features, such as encryption and virtual waiting rooms.

A HIPAA-ready conferencing platform.

BlueJeans is proud to comply with CCPA and the European Union's General Data Protection Regulation. As a HIPAA-ready, secure video conferencing platform, we meet all applicable requirements under the Security Rule, including ePHI confidentiality, integrity, and availability. All video, audio, and content in transit are encrypted using AES-256 GCM encryption, a more widely tested and trusted solution than AES-128 and other encryption schemes. Other security features include:

  • Meeting ID. By assigning each meeting a randomized nine-digit ID, BlueJeans keeps credentials private. Found easily in setting, use this One-Time Meeting ID eliminates the risk of disclosing your Personal Meeting ID to the public, which could, in turn, expose your other meetings to more unwanted guests.
  • Participant Passcode. For an added level of security, meetings can require a Participant Passcode to enter. This code automatically generates a second level of authentication to ensure only attendees with the passcode and Meeting ID can access the meeting.
  • Encrypted Video Calls. This advanced meeting option forces a BlueJeans meeting to only allow end points with sufficient encryption capabilities enabled. If you join the meeting using BlueJeans Software (the BlueJeans App, Chrome WebRTC, mobile app, etc.), you will automatically join as an encrypted end point. However, participants joining from other video conferencing systems will be unable to connect unless they've enabled AES Encryption on their unit.
  • Fraud Detection. A built-in mechanism to help catch any fraudulent activity happening on an account or meeting, “Fraud Detection” identifies and reports repeated login failures and meeting join failures. Once caught, the impacted user and IT admin are notified about any locked resources via email and are sent instructions to resolve. Additionally, this feature will block brute force scans looking for meeting IDs over a set period of time and protect meetings from being entered by malicious actors.

So now that you've read "Enabling HIPAA-Compliance with Secure Video Conferencing"! Click here to learn more about BlueJeans Telehealth.