With the increase in use of remote work and telehealth, cybercriminal activity and video conference hijacking are also increasing. On April 2, 2020, the FBI released an article on defending against video conference hijacking. This is particularly important information for healthcare entities taking advantage of the OCR discretionary enforcement announcement on the use of non-HIPAA compliance telehealth platforms during the COVID-19 public health emergency. The HIPAA Security Rule is still in effect with no waivers or discretionary enforcement announced.
Healthcare entities are relying more and more on video conferencing and telehealth platforms. Video conferencing is allowing us to continue our work during COVID-19. Telehealth is allowing us to continue to treat our patients safely. Both of these activities are convenient and good social distancing practices, so long as we remember the HIPAA Security Rule while we are utilizing the technologies.
Tips for ensuring the privacy and security of videoconferencing in the healthcare setting include :
- Ensure meetings are private
- If possible, do not use the same meeting ID for every video conference
- Require a meeting password
- Ensure you are using the most recent version of the teleconferencing software (keep patches up to date)
- Train your staff on safe videoconferencing practices
Ensuring your organization is protecting itself from videoconferencing hijacking is imperative. A hijacker gaining access to your meetings could put patient information at risk. Contact us if you have any questions on how to secure your videoconferencing.
Stay safe and healthy! Happy HIPAAtrekking!