The Protection of ePHI in the Face of Telehealth and COVID-19
Posted on: May 29th, 2020 08:31 pm
Updated on: March 24th, 2023 09:30 pm
What is Telehealth?
The Health Resources and Services Administration (HRSA) defines telehealth as “the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health, and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.”
In today’s healthcare landscape, telehealth technologies help bridge the gap between patients and providers, ensuring patients can continue to receive the highest level of care even when they’re unable to physically visit a physician.
How Has Telehealth Changed Before and After COVID-19?
Staying Safe and Cyber-Secure Through Telehealth
Using a secure platform
To help “empower medical providers to serve patients wherever they are during this national public health emergency,” Health and Human Services (HHS) issued guidance and enforcement discretion so that organizations can implement tools to provide routine care for patients with chronic diseases and high risk factors.
Telehealth must be operated on a secure platform. Of the available communication platforms, only a select few are regarded as secure and appropriate for telehealth uses. The list below includes some ‘non-public’ facing communication platforms whose vendors represent that they provide HIPAA-compliant video communication products and that they will enter into a HIPAA BAA:
- Skype for Business / Microsoft Teams
- Updox
- VSee
- Zoom for Healthcare
- Doxy.me
- Google G Suite Hangouts Meet
- Cisco Webex Meetings / Webex Teams
- Amazon Chime
- GoToMeeting
- Spruce Health Care Messenger
*The OCR has not reviewed the BAAs offered by the vendors and the list does not constitute an endorsement or recommendation of the technology.
Knowing that hospitals need to adapt quickly to remote options for healthcare, the OCR will not impose penalties for non-compliance with the requirements under the HIPAA Rules against covered health care providers in connection with the provision of telehealth during the COVID-19 public health emergency. This means that telehealth can be handled through the following platforms until the pandemic is over:
- Apple FaceTime
- Facebook Messenger video chat
- Google Hangouts video
- Skype
Platforms that are considered ‘public-facing’, that do not have the appropriate security measures that promote privacy, and that are regarded as inappropriate include, but are not limited to:
- Facebook Live
- Twitch
- TikTok
- Chat rooms
Secure Endpoints
Business Associate Agreements
How to Achieve Full Compliance
The security, policies, procedures, and enforcement required to adhere to HIPAA regulations and correctly implement a telehealth solution can seem complex. That’s why at Intraprise Health, we’ve chosen to simplify these procedures and ensure complete compliance is easily attainable. Intraprise Health offers various training courses that address the proper use of information and how to prevent theft. Our HIPAA workforce training includes details regarding which safety measures providers are recommended to apply. Disregarding HIPAA compliance may result in hefty fines because of PHI breaches. HIPAA One® is here to help so you can easily achieve compliance and handle audits together.
Taking all these precautions will allow practitioners to stay safe while maintaining PHI security. For more information, view our recorded webinars page.