WebRTC-HIPAA Compliant or Not


ashen...@mcs.edu.pk

Jul 25, 2015, 4:27:39 PM
to discuss-webrtc
Dear Concerned;

I want to inquire about WebRTC's HIPAA compliance. Is it completely HIPAA compliant or not? For example, in a scenario where we want to incorporate WebRTC in our web-based electronic health records or mobile-based patient health records, would WebRTC be HIPAA compliant?

I read the below-mentioned articles on this issue but could not successfully draw any conclusion as to whether WebRTC is HIPAA compliant or not.



Please help/guide us in this regard.


I would appreciate it if you could respond a bit early.


Thank You!
Ahsen Raza

Healthcare IT Researcher

Calvin Walton

Jul 27, 2015, 11:37:20 AM
to discuss...@googlegroups.com
On Sat, 2015-07-25 at 06:03 -0700, ashen...@mcs.edu.pk wrote:
> Dear Concerned;
>
> I want to inquire about WebRTC's HIPAA compliance. Is it completely HIPAA
> compliant or Not? For example in a scenario, where we want to incorporate
> WebRTC in our web based electronic health records or Mobile based Patient
> Health records, would WebRTC HIPAA compliant?

It's impossible to say whether "WebRTC" is HIPAA compliant or not,
because it's just a protocol specification for the media paths.

What you'd have to look at is a complete end-to-end web conferencing
service that is built using WebRTC. At that point you can analyze the
signalling protocols used by their server component, their auditing
ability and privacy controls, etc.

So, to summarize, the question "Is WebRTC HIPAA compliant" makes no
sense.

The question "Is online service X which uses WebRTC technology HIPPA
compliant" is a very useful question, and it has to be answered
separately for each online service.

--
Calvin Walton <calvin...@kepstin.ca>

Eric Davies

Jul 27, 2015, 1:34:00 PM
to discuss-webrtc, calvin...@kepstin.ca
true, however, a more useful question to have answered would be:

   Is there anything in the webrtc protocol itself (as implemented in the browser, so not including signalling) that violates HiPA compliance?

Peter Saint-Andre - &yet

Jul 27, 2015, 1:46:20 PM
to discuss...@googlegroups.com
I'd echo Calvin: it's a matter of the service, not the protocol or API.
AFAICS, nothing in WebRTC itself violates the Health Insurance
Portability and Accountability Act (although I have heard about services
that aren't paying close attention to HIPAA requirements even though
they really should).

Peter

P.S. It's HIPAA, not HiPA, HIPPA, or HIPPO. :-)

On 7/27/15 11:34 AM, Eric Davies wrote:
> true, however, a more useful question to have answered would be:
>
> Is there anything in the webrtc protocol itself (as implemented in
> the browser, so not including signalling) that violates HiPA compliance?