
Telehealth HIPAA
Telehealth providers are at the cutting edge of new opportunities for bettering quality of care. However, because of innovations in technology that have allowed for telehealth and telebehavioral health providers to assume new niches in the industry, Telehealth HIPAA has become a grey area of dos and don’ts.
So how can telehealth providers understand their HIPAA requirements? And how can they ensure that they are maintaining telehealth HIPAA settings without compromising quality of care?
New Innovations, Same Compliance Requirements
The truth is, HIPAA compliance standards apply to all health care providers regardless of the means by which they deliver their care. But in a telehealth setting, cyber-security compliance and protections become an essential part of maintaining the privacy and security of electronic protected health information (ePHI).
ePHI is any demographic information that can be used to identify a patient and that is stored, accessed, or transmitted in an electronic format. Common examples of ePHI include a patient’s name, date of birth, address, phone number, email address, insurance ID number, Social Security number, and any part of their medical record that is stored, transmitted, or accessed electronically.
Telehealth HIPAA is essential to mitigating the risk of a cyber-security incident, simply because of the nature of delivering care in a digital setting. Implementing a Telehealth HIPAA program is one of the most effective means of addressing cyber-security safeguards because of the standards built into the HIPAA Security Rule.
The HIPAA Security Rule mandates that all health care providers implement technical, physical, and administrative security safeguards to ensure the confidentiality, integrity, and availability of ePHI. That means that telehealth HIPAA will necessarily include the cyber-security protections that your practice needs to secure your patients’ sensitive health care information.
How to Tackle Telehealth HIPAA
When you’re creating a telehealth HIPAA program for your practice, here are the six factors you should keep in mind to address the full extent of HIPAA regulatory standards:
Self-Audits – An effective telehealth HIPAA program should give your practice the ability to audit yourself against the HIPAA Rules. This will give you a baseline of the deficiencies that you must address to safeguard ePHI.
Remediation Plans – To prevent HIPAA violations, your telehealth HIPAA program should give you the ability to build actionable plans to remedy any areas of the law that you aren’t currently addressing.
Policies, Procedures, Employee Training – HIPAA policies and procedures must be updated annually, and your telehealth HIPAA program should give you the ability to both craft and review them as time goes on. Additionally, all staff members must receive HIPAA training year after year–and your HIPAA program should reflect that.
Documentation – Documenting your progress is perhaps the most important component of your telehealth HIPAA program. Documentation must be retained for 6 years as per federal regulation.
Business Associate Management – Managing vendors with whom you share ePHI is an essential component of HIPAA. This includes all video-chat clients and telehealth platforms used by your practice. Your telehealth HIPAA program should include Business Associate Agreements executed before any ePHI is shared.
Incident Management – Even with an effective telehealth HIPAA program in place, you still may face a data breach. Telehealth HIPAA can protect your practice from liability in the event of a breach, which is why another essential component of telehealth HIPAA includes tracking and reporting data breaches to HHS as they occur.
If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure. Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!

My wife recently started using telehealth videoconferencing for her patients. She has tried a few, like doxy.me, zoom.us, etc… The best one we’ve found so far is hippavideo.net. I think this is the one she’ll be sticking with, as it’s fully HIPAA compliant and it has the best feel & features. My main concern is services claiming to be fully compliant but lacking in some areas, such as FaceTime, etc… I’ve read a few articles about services making the claims but missing certain avenues of compliance. This led us to do in-depth research into these services before choosing one. My advice: always ask questions and read the fine print thoroughly.
AD,
Asking questions prior to purchase is so important that we actually developed a written list for professionals to ask video vendors when they are shopping for a platform. Asking all of them is a bit too much, but reading the list ahead of time to find 5-10 questions of particular interest for your needs can save you a lot of time and inconvenience in the long term. The list is available with our 1-hour course on how to choose a video-vendor, listed in our on-demand webinar course library here. Many professionals are allowed by their state licensing boards to earn 1 hour of CE or CME along with that same training, too.
The momentum for online sessions appears to be expanding in acceptance more each week. It always is surprising to me that people who are online all the time may be hesitant at first to try online virtual sessions. Looking forward to all the future has to bring in this area! Thank you.