Is GoToMeeting HIPAA Compliant?
GoToMeeting is HIPAA compliant and can be used by covered entities and business associates to collect, disclose, and transmit Protected Health Information (PHI) provided the organization enters into a Business Associate Agreement with the software provider. Thereafter, there is very little configuration or training required to use the platform in compliance with HIPAA.
GoToMeeting is an online meeting and video conferencing platform offered by LogMeIn. The platform is one of many video conferencing and desktop sharing platforms that can improve communication and collaboration in the healthcare industry; but before any solution of this nature can be used to collect, disclose, or transmit PHI, it is important the solution is HIPAA compliant.
Is GoToMeeting HIPAA Compliant?
GoToMeeting is HIPAA compliant inasmuch as the platform includes all the capabilities required to support HIPAA compliance regardless of the plan subscribed to. Most capabilities are compliant by default, and system administrators should only have to configure the access controls and disable the feature that could allow a user to record a meeting and save it to a local device. All other configurations are optional and can be applied as necessary to suit an organization’s requirements.
With regards to entering into a Business Associate Agreement, the GoTo Group offers a one-size-fits-all Business Associate Agreement, which covered entities and business associates are required to sign electronically before collecting, disclosing, or transmitting PHI via the GoToMeeting platform. The Agreement is standard among large software companies, and there are no contentious clauses or hidden surprises in it. Nonetheless, the Agreement should be reviewed before it is signed.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Other Considerations Before Using GoToMeeting
In the context making GoToMeeting HIPAA compliant, it is important to note it is not the platform’s features that determine compliance, but how the features are used – especially when members of the workforce use the platform to conduct telehealth sessions with patients or share information with healthcare providers with whom the patient does not have a direct treatment relationship.
In such circumstance, it may be necessary to provide additional HIPAA training to members of the workforce on how to verify the identities of the people they are communicating with, obtain the consent of patients to continue telehealth sessions if the sessions can be overheard (i.e., by a family member or workplace colleague), and comply with the minimum necessary standard as necessary.
Organizations who are unsure about their compliance obligations when collecting, disclosing, or transmitting PHI via a platform such as GoToMeeting, who have questions about what third party applications can be integrated into the GoToMeeting platform, or who have concerns about what additional training may be required should seek professional compliance advice.
