HT202078: If you use FaceTime and iMessage behind a firewall

Learn about If you use FaceTime and iMessage behind a firewall
jjpeoples

Q: FaceTime encryption

I work in a health care organization in the field of telemedicine located in the midwest. As of late, iPads are being deployed to physicians for use in clinical settings for use with access to EMRs and additonal app resources for patient care. I am receiving an increased amount of inquires related to the use of FaceTime as method for telemedicine encounters. I am interested in learning what level of encryption is used for FaceTime. The level of ecryption is related to HIPAA compliance and would affect the use of FaceTime for clincal encounters. Could FaceTime be considered HIPAA compliant?

iPad 2, iOS 5.1.1

Posted on May 18, 2012 1:32 PM

Close

Q: FaceTime encryption

  • All replies
  • Helpful answers

  • by MessagingTech,Helpful

    MessagingTech MessagingTech May 18, 2012 1:43 PM in response to jjpeoples
    Level 1 (40 points)
    May 18, 2012 1:43 PM in response to jjpeoples

    I'm not sure on the specifics of FaceTime or HIPAA but I would assume it would depend on the encryption of your WI-Fi connection.  FaceTime is a Wi-Fi only feature so it's only as secure as the Wi-Fi network on either end. 

  • by jjpeoples,

    jjpeoples jjpeoples May 18, 2012 1:53 PM in response to MessagingTech
    Level 1 (0 points)
    May 18, 2012 1:53 PM in response to MessagingTech

    From what I have read at this point, the security comes into play when the level of encryption from point to point. If for example our organiztion supports and utilizes WPA2 Enterprise which uses 128 bit encryption and assuming both end points are on the same network, would the connection be secure enough to be HIPAA compliant?

  • by MessagingTech,Helpful

    MessagingTech MessagingTech May 18, 2012 1:57 PM in response to jjpeoples
    Level 1 (40 points)
    May 18, 2012 1:57 PM in response to jjpeoples

    I assume it would be the same for WebEx or GoToMeeting that have iPad support/apps and use video conferencing.  If your organization allows the use of WebEx or another service, it might be worth looking into that as a corporate solution than FaceTime.  To go a step further you can create an iPhone configuration policy to block FaceTime if there are concerns over it and use only supported standards.  If both users are on the same network, I would think it would be secure enough, but I don't have any experience with HIPAA or health care laws. 

  • by jjpeoples,

    jjpeoples jjpeoples May 18, 2012 2:16 PM in response to MessagingTech
    Level 1 (0 points)
    May 18, 2012 2:16 PM in response to MessagingTech

    We do use WebEX and GoToMeeting mainily from PC workstations. Most video conferencing is point to point with tradtional video conferecning gear i.e., Tandberg/Cisco or Polycom. WebEx is generally used for webinars with no exchange of patient information. Microsoft OCS is utilized mainly for Live Meeting for content and video conferencing to remote locations.The question that I have is what is the encryption for FaceTime is it indeed 128bit?

  • by MessagingTech,

    MessagingTech MessagingTech May 21, 2012 8:07 AM in response to jjpeoples
    Level 1 (40 points)
    May 21, 2012 8:07 AM in response to jjpeoples

    From my brief research the answer appears to be Yes, if you are using a WPA2 encrypted network.  However, I wouldn't think you can 100% guarentee compliance because the device is not certified as such and you cannot ensure that users are connected to the correct Wi-Fi or other what-if scenarios.

     

     

    http://www.tuaw.com/2011/09/21/facetime-calls-are-encrypted-hipaa-compliant/

  • by adl2,

    adl2 adl2 Aug 22, 2012 7:50 AM in response to jjpeoples
    Level 1 (0 points)
    Aug 22, 2012 7:50 AM in response to jjpeoples

    Please call me for a secure solution for your business teleconferencing needs: 917-287-4802.

    Thanks! Donna