HIPAA-Compliant Telehealth: New Protocols & Requirements
Telehealth solutions play a more vital role than ever before. Telehealth helps healthcare facilities avoid becoming overcrowded and allows patients to get medical advice without putting themselves at risk of contracting a virus.
Telehealth is expected to grow by up to 700% by 2025, according to a study by Frost & Sullivan. However, to practice virtual medicine and avoid security concerns, US healthcare providers have to ensure the technology they use for this type of communication is HIPAA-compliant.
Let’s look at how healthcare specialists can apply technology-driven approaches and provide patients with HIPAA-compliant telehealth solutions.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is United States legislation that sets data security and privacy requirements for confidential medical information. Its primary goal is to eliminate healthcare abuse and fraud by creating standards for handling healthcare information.
The HIPAA Privacy Rule deals with Protected Health Information (PHI) and sets national standards to protect patients’ medical records. It applies to health plans and healthcare providers that manage electronic healthcare transactions.
The HIPAA Security Rule (SR) deals with electronic Protected Health Information (ePHI), a subset of the PHI covered by the HIPAA Privacy Rule.
“Prior to the COVID-19 pandemic, telehealth was gaining acceptance within the healthcare system, but adoption of the technology was slow. Many providers, including physicians and hospitals, shied away from utilizing telehealth due in great measure to compliance concerns, including HIPAA and patient privacy, and reimbursement issues.
As a result of the pandemic and resulting government social distancing and shutdown orders combined with the public's fear of traveling to healthcare facilities, interest in telehealth has grown exponentially. The interest in telehealth as a vehicle to increase patient access to providers has been so great that federal and state governments, as well as private payers, have crafted waivers applicable to restrictions on telehealth that existed pre-pandemic.” - John E. Morrone, Esq., Chair of the Regulatory and Transaction Life Sciences Group and Co-Chair of the Healthcare Group at Frier Levitt LLC
HIPAA and Telehealth
Communicating with patients and sharing any private health information without using the proper channel doesn’t comply with HIPAA regulations.
The HIPAA Guidelines on Telemedicine are defined within the HIPAA Privacy Rule and state the following:
- Only authorized users should have access to ePHI.
- A system of secure communication should be implemented to protect the integrity of ePHI.
- A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.
This means that medical professionals and healthcare providers need to ensure the telehealth technology they’re using provides fully encrypted data transmission and doesn’t store video files. Plus, if there’s any technology partner involved, they should be ready to enter into a business associate agreement (BAA).
Here are some of the vendors that state they provide HIPAA-compliant video communication products:
- Skype for Business / Microsoft Teams
- Zoom for Healthcare
- Google G Suite Hangouts Meet
- Cisco Webex Meetings / Webex Teams
- Amazon Chime
- Spruce Health Care Messenger
“One large area of consideration, especially when serving patients with behavioral or cognitive/mental health needs, information security is crucial, not just security of the videoconferencing platform itself, but also of the environment(s) where services are being provided. For example, educating patients about the importance of making sure they are in a safe, secure environment is important to ensure that their privacy is maintained.
This can typically be done by starting every session with a statement similar to “Please be aware that we are communicating on a secure platform and that I (we, if multiple providers) am in a secure & private environment. I cannot, however, guarantee that your environment is secure. In order to maintain your privacy, please make sure that your environment is secure and that no one can overhear information we may discuss during this session.”
In my experience, many clinicians don't stop to think about making sure the patient's environment is secure. Taking this step does two things: 1) establishes a safe/secure environment for service provision, and 2) communicates to the patient that the clinician truly cares for and is sensitive to protecting the privacy of the patient. This helps increase compliance, engagement, and satisfaction with services.” - Rafael E. Salazar II, MHS, OTR/L, Principal Owner, Rehab U Practice Solutions
Current HIPAA Guidelines For Telehealth
Due to the coronavirus pandemic, the HHS Office for Civil Rights (OCR) announced that it would relax some HIPAA standards. This includes temporarily waiving the requirement that medical professionals be in a healthcare facility or office when providing billable telehealth services.
Typically, using personal mobile devices to communicate protected health information would also violate HIPAA protocols. While the COVID-19 emergency waiver is in effect, mobile devices can be used to provide telehealth services. Yet, it’s still crucial to ensure that the technology used protects patient privacy and data security.
Here’s what healthcare providers should pay attention to when choosing a platform for practicing telemedicine:
- How will the communication between the healthcare provider and patient be secured and stored?
- Does the chosen platform have an interactive video and audio system for quality two-way communication?
- Does it provide an option for a patient to consent to using telehealth technology and attending virtual medical appointments?
- Can a patient log in through a secure portal?
Benefits of Telehealth
The benefits of telehealth are varied and many. Here are some examples:
- Reduce the Spread of Infection. Telehealth solutions enable physicians to examine and speak with patients without risking further spread of the COVID-19 virus or cold/flu in doctor’s offices, hospitals, and urgent care facilities.
- Extend Reach. Telemedicine also extends the reach of quality care to patients in rural locations. It makes it easier for a limited number of doctors to diagnose and treat a large number of patients in diverse, far-reaching geographic locations with minimal travel.
- Increase Time Spent with Patients. Doctors spend just 27% of their time treating patients—the rest is spent on administrative tasks. Technologies like telemedicine allow doctors to spend more time seeing patients.
- Focus Time on Patients in Most Need. Level 1-3 visits take up precious office hours, resulting in longer wait times for patients with more demanding needs. By using telemedicine for straightforward, low-complexity visits like maintenance check-ins and prescription refills, doctors can reserve in-person time for level 4 and level 5 visits.
- Provide Better Continuity of Care. Technology can allow doctors and patients to stay connected between visits, promoting more regular interaction around topics like test results, refills, questions, treatments, clarifications, and health updates.
Telemedicine has created an environment that helps eliminate canceled appointments, allows people from rural areas or with limited mobility to have comprehensive online medical appointments, and helps patients avoid healthcare facilities where the risk of contagion is high.
Many healthcare providers were surprised by the relaxed HIPAA regulations. Regardless of how long these relaxed regulations will exist, it’s always essential to comply with HIPAA requirements and protect your patients’ personal information.
At Dolbey, we’re making telemedicine even easier for clinicians with our voice recognition solution, Fusion Narrate. Get in touch with us to learn more about our cutting-edge voice recognition technology that can help you ensure accuracy and compatibility in your healthcare facility.