Best Practices to Ensure Telehealth Security and Protect Patient Data by Paul Banco, CEO and co-founder of etherFAX Paul Banco, CEO of etherFAX To support the sudden increase in test results and medical records being transmitted during the pandemic, hospitals, laboratories, and pharmacies implemented additional devices and remote connections into their networks. After the Office for Civil Rights (OCR) lifted penalties around telehealth to expand care options amid the crisis, new platforms were adopted that were not previously allowed by the Health Insurance Portability and Accountability Act (HIPAA). This exercise of discretion applied to applications including FaceTime and Skype, regardless of whether the telehealth service administered while using the apps was directly related to the coronavirus. Unfortunately, this also increased security risks across thousands of healthcare organizations. Since many communications apps are not HIPAA compliant, the risk of a data breach occurring that compromises personally identifiable information (PII) is imminent. For example, though Apple is a HIPAA business associate, it is not willing to sign a BAA, and therefore, Apple services including FaceTime are not HIPAA compliant.