Does your site offer a BAA for HIPAA compliance?
If you use EMDRremote’s BLS lightbar and audio and choose Doxy.me as your teletherapy video service, it is HIPAA compliant and Doxy.me will provide you with a BAA.
If you use EMDRremote’s BLS lightbar and audio and choose EMDRremote’s Video Service as your teletherapy video service, it is HIPAA compliant in that it meets the “conduit exception”.
According to HHS.gov (re: BAA not needed when teletherapy meets the conduit exception):
A conduit transports information but does not access it other than on a random or infrequent basis as necessary for the performance of the transportation service or as required by law. Since no disclosure is intended by the covered entity, and the probability of exposure of any particular protected health information to a conduit is very small, a conduit is not a business associate of the covered entity.
In terms of teletherapy, the solution and security architecture must comply with certain standards, implementation specifications and requirements with respect to electronic PHI of a covered entity. The general requirements of the HIPAA Security Standards state that covered entities must:
1. Ensure the confidentiality, integrity, and availability of all electronic PHI the covered entity creates, receives, maintains, or transmits.
2. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
3. Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the privacy regulations.
4. Ensure compliance by its workforce.