VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

Valerie J.M. Watzlaf, Sohrab Moeini, Laura Matusow, Patti Firouzan


In a previous publication the authors developed a privacy and security checklist to evaluate Voice over the Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy.  In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR.  Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

Keywords: Voice over the Internet Protocol (VOIP), telerehabilitation, HIPAA, privacy, security, evaluation


Callahan, J.D. (2010). Privacy: The Impact of ARRA, HITECH, and other Policy Initiatives. American Health Information Management Association (AHIMA).

Cason, J. (2009). A pilot telerehabilitation program: Delivering early intervention services to rural families. International Journal of Telerehabilitation, 1, 29-37.

Garfinkel, S. (2005). VoIP and Skype Security. Skype Security Overview-Rev., 1.6 Retrieved July 11, 2010 from http://www.tacticaltech.org/files/tacticaltech/Skype_Security.pdf

Herman, V., Herzog, H., Jordan, R., Hofherr, M., Leving, P., & Page, S. (2010). Telerehabilitation and electrical stimulation: An occupation based client-centered stroke intervention. The American Journal of Occupational Therapy, 64: 73-81. http://support.mitglobalnet.net/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=9

Ikelheimer, D. (2008). Letters to the Editor: Treatment of opioid dependence via home-based telepsychiatry. Psychiatric Services. 59: 1218-1220. Retrieved July 10, 2010 from http://psychservices.psychiatryonline.org/cgi/reprint/59/10/1219.pdf

Kuhn, D., Walsh T., & Fries S. (2005). Security considerations for voice over IP systems: Recommendations of the National Institute of Standards and Technology (NIST). Technology Administration, U.S. Department of Commerce Special Publication, 800-58.

Lazar, I. (Speaker). (2006). Debunking the Hype about Skype [Audio Recording]. Burton Group Inflection Point.

Lewis, N. (2010 June 30). Army using telemedicine for healthcare delivery. Information Week: Healthcare. Retrieved on July 12, 2010 from http://www.informationweek.com/news/healthcare/patient/showArticle.jhtml?articleID=225701968

Magic Island Technologies. Skype. (2008) Retrieved July 12, 2010 from http://support.mitglobalnet.net/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=9

Maheu, M. (2009a). Comments: Is Skype HIPAA compliant? Adventures in telepsychiatry: a psychiatrist in a solo private practice experiments with telepsychiatry. Retrieved July 20, 2010 from http://adventuresintelepsychiatryblog.patrickbarta.com/2009/10/is-skype-hipaa-compliant/

Maheu, M. (2009b). HIPAA and hijacked Skype passwords: Another security violation that brings viability of online counseling via Skype into yet more questioning. Telehealth.Net. Retrieved July 10, 2010 from http://telehealth.net/blog/hipaa-hijacked-skype-passwords-another-security-violation-that-bring-online-counseling-to-question/

Parmanto, B., Saptono, A., Pramana, G., Pulantara, W., Schein, R., Schmeler, M., McCue, M., & Brienza, D. (2010). VISYTER: Versatile and Integrated System for Telerehab. Telemedicine and E-Health. 16(9):1-6.

Skype Business Blog. (2009). Doctors using Skype to transform medical practice. Retrieved July 9, 2010, from http://blogs.skype.com/business/2009/05/doctors_using_skype_to_transform_medical_practice.html

Skype and HIPAA: Myth buster. (June 6, 2009). Voyager telepsychiatry: A forum on home-based telepsychiatry. Retrieved July 9, 2010 from http://voyagerllc.blogspot.com/2009/06/skype-and-hipaa-myth-buster.html

Vidyo Inc. 2010, Vidyo Telepresence- Secure VidyoConferencing: Protecting Your Communications. Retrieved April 19, 2011 from VidyoInfo@vidyo.com

Watzlaf, V., Moeini, S., & Firouzan, P. (2010). VoIP for telerehabilitation: A risk analysis for privacy, security, and HIPAA compliance. International Journal of Telerehabilitation, 2(2), 3-14. doi: 10.5195/ijt.2010.6056

Wolinsky H. & Titus F. (Producer/Director), (2009). LA therapist helps clients relieve pain via Skype. YouTube Retrieved on July 12, 2010 from http://www.youtube.com/watch?v=eB5tZfZfabo

Zur, O. (2010). HIPAA Updates from Zur Institute: Innovative resources and online continuing education. Retrieved July 10, 2010 from http://www.zurinstitute.com/hipaa_updates.html

DOI: https://doi.org/10.5195/ijt.2011.6070



  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.