COVID-19 changed how America and the world views telehealth.
Many clinicians who had not fully embraced telehealth before the pandemic have come to rely on it for seeing patients. And, likewise, patients who had never tried it before now see the convenience and benefits—and now fully expect it to be available to them.
The necessity of being able to help patients without their having to leave home was the primary driver of telehealth’s growth during the pandemic. However, targeted deregulation and revised reimbursement arrangements also played a role in telehealth’s expansion. In particular, the HHS Office for Civil Rights announced it will exercise its enforcement discretion and not impose penalties against covered healthcare providers for noncompliance with the HIPAA Privacy, Security, and Breach Notification Rules in connection with the good-faith provision of telehealth.
This moratorium on HIPAA compliance has enabled patients and providers to connect over video platforms like Skype; however. these types of platforms can be limited in terms of bandwidth use, other functionality, and regulatory compliance.
HIPAA compliance enforcement can be resumed at any time
Be careful with the makeshift or “temporary” tools you might be using because even though enforcement of HIPAA-compliant telehealth is temporarily constrained, it won’t last forever. In fact, historically, federal oversight agencies have been known to resume enforcement without much warning.
If you have a telehealth solution that’s not designed specifically for healthcare, you might be caught by surprise when the Department of Health and Human Services, Office of Civil Rights (OCR) comes knocking. And fixing things overnight won’t be an option. When it comes to technology, getting implementation right can be tricky.
According to OCR’s “FAQs on Telehealth and HIPAA during the COVID-19 nationwide public health emergency,” physicians are temporarily allowed to use non-public-facing technology to conduct telehealth visits, including: Apple FaceTime, Facebook Messenger, Google Hangouts, Whatsapp, Zoom, or Skype.
But, as soon as the temporary reprieve on HIPAA enforcement is lifted, physicians will need a telehealth platform that is purpose-built for healthcare to help ensure HIPAA compliance.
Selecting a telehealth partner that has dedicated experience in healthcare and has built-in technology that help support HIPAA compliance will not only save you time, but also money and headaches down the road. No one wants to face a HIPAA violation or a lawsuit for inadvertently breaching a patient’s privacy rights by using a noncompliant solution. It’s better to adopt a solution now that you won’t have to abandon later.
Preparing for HIPAA-compliant telehealth
Unquestionably, televisits are here to stay. A recent study issued by management consulting firm, McKinsey & Company, says telehealth use now is 38 times higher than before the pandemic. New use cases are proving themselves every month, such as in mental health, triage, during transport, the use of third-party clinical networks, post-discharge monitoring, home health support, and much more.
This makes right now an excellent time to prepare for the ongoing use of telehealth programs—and for HIPAA compliant telehealth solutions.
What is HIPAA-compliant telehealth?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) does not have specific rules for telehealth. Rather, it requires telehealth to comply with all HIPAA requirements, the same way a healthcare provider would have to comply with an in-person visit.
According to the Center for Connected Health Policy’s fact sheet on HIPAA and telehealth, “HIPAA compliance entails an organized set of secure, monitored, and documented practices within and between covered entities.” No particular product can guarantee HIPAA compliance, but some “may contain elements or features that allow them to be operated in a HIPAA-compliant way,” the Center says.
How to be HIPAA-compliant
Telehealth.org, a leading global telehealth training institute, offers these five key tips for HIPAA-compliant telemedicine:
- Use trusted vendors. Use a telehealth vendor designed specifically for healthcare. For a software provider to be HIPAA compliant, they must have security measures to secure protected health information (PHI) and be willing to sign a business associate agreement (BAA).
- Secure data. Make sure the data security measures of your HIPAA-compliant vendor includes safeguards to ensure the confidentiality, integrity, and availability of PHI.
- Control access to data. Part of HIPAA compliance is limiting PHI access to the “minimum necessary” required to complete a job function. As such, HIPAA compliant tools must allow users to designate different levels of access to PHI through the use of unique login credentials.
- Track data use and disclosure. To ensure adherence to the “minimum necessary” standard and facilitate early detection of breaches, PHI access must be tracked for each user. HIPAA compliant tools for telemedicine allow users to keep audit logs that distinguish PHI access on a per user basis.
- Train staff. HIPAA compliance can only be as good as the staff trained to use your telehealth software. Make sure your staff is well trained before they begin using it.
Why go to all this trouble? Ultimately, it’s good for providers and patients.
“When virtual health works, provider organizations and their patients can make new strides toward that ‘triple aim’ of access, quality, and cost,” according to the consulting firm’s recent analysis on telehealth and security. “But virtual health won’t work that way until a critical mass of people is comfortable using it, and people won’t feel comfortable until they’re confident it’s secure.”
About Caregility’s HIPAA-compliant telehealth platform
Caregility offers a comprehensive, HIPAA-compliant virtual care platform that connects all patient and clinician environments. Attached to the platform are Caregility’s Access Point of Care Systems which are video-enabled and located wherever patients or clinicians are: in hospitals, post-acute facilities, outpatient clinics, and homes.
Whether used for continuous or intermittent patient observation, ad hoc patient check-ins, assessments, interventions, scheduled specialty consults, care team coordination and planning, or managing patients through transitions of care, the platform can enable any virtual care program.