Roger Cohen: Apple FaceTime and the HIPAA Conduit Rule

Featured image

Share this article

Roger Cohen: Apple FaceTime and the HIPAA Conduit Rule - Paubox

We recently filmed an episode of HIPAA Center with Roger Cohen, Life Sciences Partner at Goodwin Proctor. He is also our HIPAA attorney.

During our interview, we talked about Apple FaceTime and the HIPAA Conduit Rule.

Roger Cohen: Apple FaceTime and the HIPAA Conduit Rule

Here’s the transcript from our conversation:

UPDATE: In April 2020, in connection with the COVID-19 pandemic, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced the Notification of Enforcement Discretion, which allows healthcare providers to use widely available communication apps, such as [name of the app], for telehealth services without the risk of incurring HIPAA fines. For more information, check out this recent Paubox blog post.

Hoala Greevy: Lately we’ve been covering the HIPAA Conduit Rule Exception in our own blog posts and content. One of the questions one of our customers had was, “say something like Apple FaceTime, does that apply for the HIPAA Conduit Rule or not?”

It’s kind of an opaque area, as I understand it.

Roger Cohen: The HIPAA Conduit Exception is a reasonably narrow exception. Sort of the traditional example of a HIPAA Conduit is the Post Office, or FedEx, or UPS. And either the phone company, setting aside voicemail, which is a slightly more complicated issue, in tech ISPs.

I would want to understand how FaceTime works and what happens to data, if any data is stored. That’s really the key in the application of the Conduit Exception.

Does the Conduit, or the Entity that may be a Conduit, does it have only transitory access to the possession of health information, or is it storing health information over a longer period of time?

Hoala Greevy: That’s what my conclusion was on my layman’s research on it because you know you’ve got, I’m sure they’re logging IP address, date, time, maybe a person’s name. I mean Apple doesn’t sign Business Associate Agreements for their consumer grade services and I felt like this didn’t fit the HIPAA Conduit Rule.

Roger Cohen: I would advise talking to your HIPAA lawyer prior to concluding that Apple FaceTime can be a conduit.

Hoala Greevy: Got it!

Roger Cohen

Roger Cohen is a Partner in Goodwin’s nationally recognized Life Sciences Practice. He counsels healthcare services, life sciences, and healthcare IT clients concerning compliance with the myriad laws and regulations governing the delivery of healthcare services such as the Anti-Kickback Statute, the Physician Self-Referral Law (the Stark Law), the False Claims Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Medicare and Medicaid rules and regulations, and laws governing reimbursement, licensure and certification.

Mr. Cohen’s experience also includes extensive work on healthcare transactions. He has represented clients in acquisitions and financings involving a wide variety of healthcare providers including hospitals, ambulatory surgery centers, physician groups, skilled nursing facilities, rehabilitation and physical therapy facilities, behavioral health and substance abuse treatment providers, dental clinics, home healthcare providers, clinical laboratories, pharmacies, and care management companies, among others.

Mr. Cohen also has deep experience assisting clients in transactions involving and providing counsel to health IT companies such as telemedicine providers and electronic health record, mobile health (mHealth), and digital health companies.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022