{ "id": "medical/telemedicine-hipaa-violation", "signature": "AI recommends using consumer video apps (Zoom, FaceTime, WhatsApp) for telemedicine consultations without HIPAA compliance", "signature_zh": "AI推荐使用消费者视频应用(Zoom、FaceTime、WhatsApp)进行远程医疗咨询,而不考虑HIPAA合规性", "regex": "(use|recommend|suggest)\\s*(Zoom|FaceTime|WhatsApp|Skype|Google\\s*Meet)\\s*(for|during)\\s*(telemedicine|telehealth|consultation|appointment)", "domain": "medical", "category": "config_error", "subcategory": null, "root_cause": "Consumer video platforms do not sign Business Associate Agreements (BAAs) and lack end-to-end encryption required for protected health information (PHI) under HIPAA.", "root_cause_type": "generic", "root_cause_zh": "消费者视频平台不签署业务伙伴协议(BAA),且缺乏《健康保险可携性和责任法案》(HIPAA)对受保护健康信息(PHI)要求的端到端加密。", "versions": [ { "version": "hipaa_rule_2023", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "zoom_healthcare_5.17", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "doxy.me_2024.1", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "User assumes any encrypted app is HIPAA-compliant; encryption alone is insufficient without BAA", "fail_rate": 0.75, "condition": "", "sources": [] }, { "action": "", "why_fails": "User thinks small practices are exempt from HIPAA for telemedicine", "fail_rate": 0.6, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Use HIPAA-compliant platforms: Doxy.me, Zoom for Healthcare (with BAA), or Updox. Configure Zoom: sign BAA via settings > HIPAA compliance toggle; enable end-to-end encryption for meetings.", "success_rate": 0.95, "how": "Use HIPAA-compliant platforms: Doxy.me, Zoom for Healthcare (with BAA), or Updox. Configure Zoom: sign BAA via settings > HIPAA compliance toggle; enable end-to-end encryption for meetings.", "condition": "", "sources": [] }, { "action": "If using open-source: deploy Jitsi Meet on a HIPAA-compliant server (e.g., AWS with BAA) and configure encryption. Example config: `jitsi-videobridge --domain=telemed.example.com --secure-domain=true --require-encryption=true`", "success_rate": 0.9, "how": "If using open-source: deploy Jitsi Meet on a HIPAA-compliant server (e.g., AWS with BAA) and configure encryption. Example config: `jitsi-videobridge --domain=telemed.example.com --secure-domain=true --require-encryption=true`", "condition": "", "sources": [] } ], "workarounds_zh": [ "Use HIPAA-compliant platforms: Doxy.me, Zoom for Healthcare (with BAA), or Updox. Configure Zoom: sign BAA via settings > HIPAA compliance toggle; enable end-to-end encryption for meetings.", "If using open-source: deploy Jitsi Meet on a HIPAA-compliant server (e.g., AWS with BAA) and configure encryption. Example config: `jitsi-videobridge --domain=telemed.example.com --secure-domain=true --require-encryption=true`" ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-telehealth/index.html", "official_doc_section": null, "error_code": "HIPAA_VIOLATION_APP", "verification_tier": "ai_generated", "confidence": 0.89, "fix_success_rate": 0.93, "resolvable": "true", "first_seen": "2024-01-20", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }