HIPAA is a federal law that requires
healthcare plans, healthcare clearinghouses
and most healthcare providers (all known
as Covered Entities) to implement certain
privacy and security protections for
individually identifiable health information
(known as “protected health information”
or PHI). HIPAA, as modified and expanded
by the Health Information Technology for
Economic and Clinical Health (HITECH)
Act, also mandates that Covered Entities
contractually require their “Business
Associates” with access to PHI to
implement HIPAA’s privacy and security
HIPAA includes both the Privacy Rule
and the Security Rule. The Privacy Rule,
a federal law, gives individuals rights over
their health information and sets rules
and limits on who can look at and receive
it. The Privacy Rule applies to all forms of
individuals’ PHI, whether electronic, written
or oral. The Security Rule, a federal law that
protects health information in electronic
form, requires entities covered by HIPAA to
ensure that electronic PHI (ePHI) is secure.
The Privacy and Security Rules focus on
information safeguards and require Covered
Entities and Business Associates to implement
the reasonable and appropriate means to
secure and protect health data.
Lifesize video conferencing products
and services, including cloud video
conferencing, are aligned with customers seeking to comply with HIPAA.
While there are no official government
or industry certifications for HIPAA
compliance, Lifesize has reviewed HIPAA
privacy and security requirements and
aligned its products, policies and
procedures to support customers in accordance with HIPAA.
Lifesize customers who are required to
comply with HIPAA must have a services
agreement with Lifesize (including a
Lifesize Cloud Terms of Service agreement).
If appropriate, Lifesize may sign a HIPAA
Business Associate Agreement (or BAA)
with such customers.
Because each Covered Entity or Business
Associate must determine and maintain
its own compliance with HIPAA, Lifesize
customers retain responsibility for HIPAA
compliance and must configure Lifesize
products and services and enforce policies
for use within their organizations to fully
comply with HIPAA.
Technical safeguards for Lifesize video
conferencing products include AES
encryption of data streams (both video and
audio), which is standards-based H.235
encryption and interoperable with systems
that follow this standard, system access
controls and password protection in the
user and administrator preference menus.
The efficacy of some of these safeguards
depends on human behavior—Lifesize
customers must enforce policies and
standards on password handling and other
protections to maintain the safeguards.