VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

Authors

  • Valerie J.M. Watzlaf PhD, RHIA, FAHIMA Department of Health Information Management, School of Health and Rehabilitation Sciences, University of Pittsburgh, Pittsburgh, PA
  • Sohrab Moeini MS Department of Health Information Management, School of Health and Rehabilitation Sciences, University of Pittsburgh, Pittsburgh, PA
  • Laura Matusow BS, RHIA Department of Health Information Management, School of Health and Rehabilitation Sciences, University of Pittsburgh, Pittsburgh, PA
  • Patti Firouzan MSIS, RHIA Department of Health Information Management, School of Health and Rehabilitation Sciences, University of Pittsburgh, Pittsburgh, PA

DOI:

https://doi.org/10.5195/ijt.2011.6070

Abstract

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over the Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy.  In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR.  Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

Keywords: Voice over the Internet Protocol (VOIP), telerehabilitation, HIPAA, privacy, security, evaluation

  

Author Biography

Valerie J.M. Watzlaf, PhD, RHIA, FAHIMA Department of Health Information Management, School of Health and Rehabilitation Sciences, University of Pittsburgh, Pittsburgh, PA

Valerie J. M. Watzlaf, PhD, RHIA, FAHIMA is an associate professor within the Department of Health Information Management in the School of Health and Rehabilitation Sciences at the University of Pittsburgh.  She also holds a secondary appointment in the Department of Health Services Administration in the Graduate School of Public Health.  In those capacities, she teaches and performs research in the areas of health information management, epidemiology, quality improvement, and statistics.

References

Callahan, J.D. (2010). Privacy: The Impact of ARRA, HITECH, and other Policy Initiatives. American Health Information Management Association (AHIMA).

Cason, J. (2009). A pilot telerehabilitation program: Delivering early intervention services to rural families. International Journal of Telerehabilitation, 1, 29-37.

Garfinkel, S. (2005). VoIP and Skype Security. Skype Security Overview-Rev., 1.6 Retrieved July 11, 2010 from http://www.tacticaltech.org/files/tacticaltech/Skype_Security.pdf

Herman, V., Herzog, H., Jordan, R., Hofherr, M., Leving, P., & Page, S. (2010). Telerehabilitation and electrical stimulation: An occupation based client-centered stroke intervention. The American Journal of Occupational Therapy, 64: 73-81. http://support.mitglobalnet.net/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=9

Ikelheimer, D. (2008). Letters to the Editor: Treatment of opioid dependence via home-based telepsychiatry. Psychiatric Services. 59: 1218-1220. Retrieved July 10, 2010 from http://psychservices.psychiatryonline.org/cgi/reprint/59/10/1219.pdf

Kuhn, D., Walsh T., & Fries S. (2005). Security considerations for voice over IP systems: Recommendations of the National Institute of Standards and Technology (NIST). Technology Administration, U.S. Department of Commerce Special Publication, 800-58.

Lazar, I. (Speaker). (2006). Debunking the Hype about Skype [Audio Recording]. Burton Group Inflection Point.

Lewis, N. (2010 June 30). Army using telemedicine for healthcare delivery. Information Week: Healthcare. Retrieved on July 12, 2010 from http://www.informationweek.com/news/healthcare/patient/showArticle.jhtml?articleID=225701968

Magic Island Technologies. Skype. (2008) Retrieved July 12, 2010 from http://support.mitglobalnet.net/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=9

Maheu, M. (2009a). Comments: Is Skype HIPAA compliant? Adventures in telepsychiatry: a psychiatrist in a solo private practice experiments with telepsychiatry. Retrieved July 20, 2010 from http://adventuresintelepsychiatryblog.patrickbarta.com/2009/10/is-skype-hipaa-compliant/

Maheu, M. (2009b). HIPAA and hijacked Skype passwords: Another security violation that brings viability of online counseling via Skype into yet more questioning. Telehealth.Net. Retrieved July 10, 2010 from http://telehealth.net/blog/hipaa-hijacked-skype-passwords-another-security-violation-that-bring-online-counseling-to-question/

Parmanto, B., Saptono, A., Pramana, G., Pulantara, W., Schein, R., Schmeler, M., McCue, M., & Brienza, D. (2010). VISYTER: Versatile and Integrated System for Telerehab. Telemedicine and E-Health. 16(9):1-6.

Skype Business Blog. (2009). Doctors using Skype to transform medical practice. Retrieved July 9, 2010, from http://blogs.skype.com/business/2009/05/doctors_using_skype_to_transform_medical_practice.html

Skype and HIPAA: Myth buster. (June 6, 2009). Voyager telepsychiatry: A forum on home-based telepsychiatry. Retrieved July 9, 2010 from http://voyagerllc.blogspot.com/2009/06/skype-and-hipaa-myth-buster.html

Vidyo Inc. 2010, Vidyo Telepresence- Secure VidyoConferencing: Protecting Your Communications. Retrieved April 19, 2011 from VidyoInfo@vidyo.com

Watzlaf, V., Moeini, S., & Firouzan, P. (2010). VoIP for telerehabilitation: A risk analysis for privacy, security, and HIPAA compliance. International Journal of Telerehabilitation, 2(2), 3-14. doi: 10.5195/ijt.2010.6056

Wolinsky H. & Titus F. (Producer/Director), (2009). LA therapist helps clients relieve pain via Skype. YouTube Retrieved on July 12, 2010 from http://www.youtube.com/watch?v=eB5tZfZfabo

Zur, O. (2010). HIPAA Updates from Zur Institute: Innovative resources and online continuing education. Retrieved July 10, 2010 from http://www.zurinstitute.com/hipaa_updates.html

Published

2011-05-24

How to Cite

Watzlaf, V. J., Moeini, S., Matusow, L., & Firouzan, P. (2011). VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II. International Journal of Telerehabilitation, 3(1). https://doi.org/10.5195/ijt.2011.6070

Issue

Section

Technology Review