A therapist colleague of mine contacted Ring Central (a video and telephone platform that provides HIPAA BAA subcontractor paperwork upon request) with questions about their messaging capabilities and encryption. They were looking for a compliant way to text message with clients. The support staff directed them to this article:
At first glance, the article would seem to make messaging with clients golden as a good level of encryption is described and the therapist has a HIPAA BAA with Ring Central. Right?
Wrong.
A few different topics are getting confused here – smart phone SMS text messaging, messaging within Ring Central apps and websites, and HIPAA BAA subcontractor agreements.
With SMS text messaging by phone it will never be HIPAA compliant (even if the therapist sends it from within Ring Central) because the client will get the SMS text message unencrypted on their smartphone.
Messaging within the Ring Central apps and website IS at an excellent level of encryption – but won’t be covered by the therapist’s HIPAA BAA agreement unless the people messaged are also part of the therapist’s company account or are other therapists with their own Ring Central accounts with HIPAA BAA subcontractor agreements. This will rarely if ever cover therapy clients.
This gets confusing. So – for example – when I go into my Ring Central account online and click on “Message” I’m invited to email a messaging link to anyone I choose. So far so good. But when that person (like a client for example) goes to that messaging link, Ring Central REQUIRES them to sign up for their own FREE Ring Central account. That FREE account WILL NOT be covered by a HIPAA BAA agreement. So the messages sent to them (inside a Ring Central app or website) will be encrypted but not HIPAA compliant.
Similar problem with Ring Central video conferencing. As long as the client DOES NOT sign in with their own free account – and instead goes to my anonymous video link – it will be covered under my BAA agreement with Ring Central. However, Ring Central invites clients to sign up for their own FREE account in order to video conference with me. If the client makes that mistake, then its no longer a HIPAA compliant video conference session because only one of our two Ring Central accounts is covered by BAA.
I sometimes wonder why this all is left in such a confusing state?
Of course, I’m not a lawyer, so do your own research too.
#psychology #neurology #socialwork #psychiatry @psychology@a.gup.pe @socialwork@a.gup.pe @psychiatry@a.gup.pe #mentalhealth #psychotherapists @psychotherapists@a.gup.pe #pharmacy #medicationchecker #drugs #druginteractions #cookies #tracking #hacking #3rdpartytrackers #HIPAA #privacy #dataprivacy #webbeacons #RingCentral #VoIP #telephony