FaceTime calls are encrypted, and HIPAA compliant when using proper encryption

Summary: Apple gear is HIPAA compliant when using WPA2 Enterprise security. Some argue that WPA and WPA/Personal connections are also compliant, but that is debatable.

Back in July 2010, Apple responded to a rumor that FaceTime calls were unencrypted, saying that the entire FaceTime conversation stream is encrypted.

This raised an interesting question from an IT professional in local county government, who wondered about the type of encryption Apple uses in FaceTime calls.

The reader wanted to know if Apple gear like the iPad and iPhone were HIPAA compliant, and eligible for government funds.

Government grants in the healthcare industry require HIPAA compliance. The section on Access Control requires systems to ensure that only authorized users are granted access to Electronic Protected Health Information (EPHI). While the requirement is somewhat vaguely worded, strong encryption is the only practical means of meeting the government's "authorized users" requirement.

An Apple representative involved with the iPad emailed me this response:

iPad supports WPA2 Enterprise to provide authenticated access to your enterprise wireless network. WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data will remain protected when they send and receive communications over a Wi-Fi network connection. In addition to your existing infrastructure, each FaceTime session is encrypted end to end with unique session keys. Apple creates a unique ID for each FaceTime user, ensuring FaceTime calls are routed and connected properly.

Simply put, Apple gear is HIPAA compliant -- if your wireless connections use WPA2 Enterprise security. Some interpret the HHS requirement to include WPA and WPA2 Personal as compliant, but HIPAA is a big, complex, hairy monster and, well, it depends on several variables.

One thing's for sure: WEP is out, and you should avoid mentioning that Swiss cheese security protocol around your friends at the U.S. Department of Health and Human Services -- if you want a check from the Feds, that is.

About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging...