Lifesize Healthcare Solutions and HIPAA Compliance

HIPAA includes both the Privacy Rule and the Security Rule. The Privacy Rule, a federal law, gives individuals rights over their health information and sets rules and limits on who can look at and receive it. The Privacy Rule applies to all forms of individuals’ PHI, whether electronic, written or oral. The Security Rule, a federal law that protects health information in electronic form, requires entities covered by HIPAA to ensure that electronic PHI (ePHI) is secure. The Privacy and Security Rules focus on information safeguards and require Covered Entities and Business Associates to implement the reasonable and appropriate means to secure and protect health data.

LIFESIZE AND HIPAA COMPLIANCE

Lifesize video conferencing products and services, including cloud video conferencing, are aligned with customers seeking to comply with HIPAA.

While there are no official government or industry certifications for HIPAA compliance, Lifesize has reviewed HIPAA privacy and security requirements and aligned its products, policies and procedures to support customers in accordance with HIPAA.

Lifesize customers who are required to comply with HIPAA must have a services agreement with Lifesize (including a Lifesize Cloud Terms of Service agreement). If appropriate, Lifesize may sign a HIPAA Business Associate Agreement (or BAA) with such customers.

Because each Covered Entity or Business Associate must determine and maintain its own compliance with HIPAA, Lifesize customers retain responsibility for HIPAA compliance and must configure Lifesize products and services and enforce policies for use within their organizations to fully comply with HIPAA.

Technical safeguards for Lifesize video conferencing products include AES encryption of data streams (both video and audio), which is standards-based H.235 encryption and interoperable with systems that follow this standard, system access controls and password protection in the user and administrator preference menus. The efficacy of some of these safeguards depends on human behavior—Lifesize customers must enforce policies and standards on password handling and other protections to maintain the safeguards.

^{NOTE: Lifesize enables customers who are subject to HIPAA to leverage Lifesize’s secure environment to transmit protected health information (PHI) during real-time video conferences among participants who can legally receive such PHI. However, customers should not use Lifesize’s services to record or store PHI. Customers must ensure that all recording features, including Lifesize Record & Share, Live Stream and Chat, are not used for PHI. These features may only be used for purposes unrelated to PHI. A customer’s account administrator may elect to disable these features to ensure they are not used for PHI by the customer’s account users. For assistance with disabling account features, please contact a Lifesize customer support advocate.}