VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance


  • Valerie J.M. Watzlaf University of Pittsburgh, Pittsburgh, PA, USA
  • Sohrab Moeini University of Pittsburgh, Pittsburgh, PA, USA
  • Patti Firouzan




Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists.  Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care, and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. 




Centers for Medicare and Medicaid Services, HIPAA General Information. Retrieved September 9, 2010 from http://www.cms.gov/HIPAAGenInfo/.

Garfinkel, S. (2005). VoIP and Skype security. Skype Security Overview-Rev 1.6 Retrieved July 11, 2010 from http://www.tacticaltech.org/files/tacticaltech/Skype_Security.pdf.

Kuhn, D., Walsh T., & Fries S., (2005). Security considerations for voice over IP systems: Recommendations of the National Institute of Standards and Technology (NIST). Technology Administration, U.S. Department of Commerce Special Publication, 800-58.

Lazzarotti, J., HIPAA Enforcement Regulations Updated for Penalty Increases and Enhancements under the HITECH Act, Retrieved September 9, 2010 from http://www.workplaceprivacyreport.com/2009/11/articles/hipaa-1/hipaa-enforcement-regulations-updated-for-penalty-increases-and-enhancements-under-the-hitech-act/.



How to Cite

Watzlaf, V. J., Moeini, S., & Firouzan, P. (2010). VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance. International Journal of Telerehabilitation, 2(2), 3–14. https://doi.org/10.5195/ijt.2010.6056



Technology Review