Healthcare communications is rapidly changing – patients now routinely email their physicians, physicians connect with each-other via mobile-based professional networks, and more. The introduction of Apple’s FaceTime video chat sparked excitement and discussion in the healthcare community about its possible use in telemedicine. However, many were wary about associated patient privacy issues and HIPAA compliance.
It seems that this question has now been answered. According to Apple, calls made via FaceTime can be HIPAA-compliant with the appropriate security configuration. The news that this ubiquitous, free communications platform meets these rigorous standards has potentially wide implications for how patients, physicians, and others in healthcare communicate.
To be fair, its not quite as simple as just opening FaceTime and calling your patient. Specifically, the WPA2 Enterprise configuration provides an extra level of authentication when establishing a wireless connection. WEP does not provide the appropriate level of security, and WPA and WPA2 personal settings are questionable. FaceTime calls are fully encrypted as well.
According to an email from Apple to ZDNet:
iPad supports WPA2 Enterprise to provide authenticated access to your enterprise wireless network. WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data will remain protected when they send and receive communications over a Wi-Fi network connection.
In addition to your existing infrastructure each FaceTime session is encrypted end to end with unique session keys. Apple creates a unique ID for each FaceTime user, ensuring FaceTime calls are routed and connected properly.
FaceTime has numerous potential applications in healthcare. Simple applications include a primary care provider communicating with his or her patients or a hospitalist checking in with a patient when they can’t get to the room. It also opens the door to more complex apps utilizing the iPad and iPhone 4 forward-facing cameras as part of telemedicine systems.
This is favorable from a financial standpoint, since only HIPAA-compliant devices are eligible for government grants. As such, the iPad may now find further use in telemedicine programs, particularly those seeking to back up their interventions with data. With the prospect of increased federal funding and the growing popularity of telemedicine, the timing of this announcement could prove to be particularly fortuitous.
One interesting question, particularly in light of the recent FDA meeting, is what kind of regulatory attention this may attract for FaceTime. Intended use, a heavily debated topic at that meeting, could prove to be particularly complex here – a consumer app with healthcare applications that are, to some extent, being promoted by Apple.
FaceTime has the potential to broaden the exchange of information among physicians, provide greater convenience to patients, and improve the quality of patient care. The assurance of a secure connection may prompt more physicians to adopt iPads in practice for communication as well as other uses, though it may be prudent to await confirmation from a regulatory body.