iOS devices are HIPAA compliant, Apple says
updated 01:30 pm EDT, Wed September 21, 2011
Details encryption measures
FaceTime and iOS as a whole should be compliant with HIPAA (Health Insurance Portability and Accountability Act) security rules, an Apple spokesperson suggests. The standard is important in the US healthcare industry because, for devices to qualify for government funding, they must ensure that only authorized people are able to access Electronic Protected Health Information, or EPHI. Encryption is effectively mandatory.
"iPad supports WPA2 Enterprise to provide authenticated access to your enterprise wireless network," the Apple representative writes in an email. "WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data will remain protected when they send and receive communications over a Wi-Fi network connection.
"In addition to your existing infrastructure each FaceTime session is encrypted end to end with unique session keys," the message continues. "Apple creates a unique ID for each FaceTime user, ensuring FaceTime calls are routed and connected properly."
iOS' HIPAA compliance may therefore be contingent on a healthcare facility using WPA2 Enterprise, although WPA or WPA2 Personal may be enough under some interpretations.
The issue of FaceTime's security was first raised in July of last year, when rumors claimed that videocalls might be completely unprotected. Apple answered back, insisting that all points of a conversation were secure.



Forum Regular
Joined: Aug 2001
Really?
The issue of FaceTime's security was first raised in July of last year, when rumors claimed that videocalls might be completely unprotected. Apple answered back, insisting that all points of a conversation were secure.
As opposed to calls using cordless phones or land lines?