Apple changes mHealth game with HIPAA security claims

Tools


Apple's claim that FaceTime video chat can be made HIPAA-compliant could be a game-changer for telemedicine specifically and healthcare generally.

Apple officials just announced that with the right security configuration, FaceTime video chat sessions can be secured end-to-end, and at a level that will satisfy HIPAA requirements.

That configuration does require a bit of advanced networking. To run the video chat sessions securely, you'll need a WPA2 Enterprise-enabled network that provides authenticated access. Existing WEP, WPA1, and WPA2 won't cut it.

WPA2 Enterprise, however, uses 128-bit AES encryption, and Apple encrypts FaceTime sessions with unique session keys and a unique ID for each user. The upshot: This security configuration will qualify as HIPAA-compliant, Apple officials indicate.

I particularly agree with bloggers at mHealthWatch who put it this way: "With Apple putting these security and regulatory systems in place, the iOS platform in general could become a hotbed of advanced mHealth innovation--well beyond the basic health and fitness apps we're seeing today."

So even with Apple's curated development process, we expect to see telehealth developers migrating quickly to the iPad, iPhone, and other iOS platforms. And given the recent alerts about malware and viruses on Androids, this security announcement may put Apple in the mHealth lead for some time to come.

The security assurances also may widen the use of FaceTime beyond the traditional clinician-to-patient model, to include provider-to-provider consults, nurse-to-physician powwows, combined treatment video sessions with multiple clinicians, and other scenarios that right now require a special, secured telemedicine connection.

And given the ubiquity of iPhones and iPads in healthcare--more than 75 percent of U.S. doctors own them, according to a recent study by Manhattan Research--those uses will undoubtedly become even more creative with time.

One cautionary note: If Apple specifically markets its FaceTime software for healthcare purposes, it could fall under FDA's emerging "intended use" regulations. We'll be watching to see how this part of the debate unfolds. - Sara (@FierceHealthIT)