Telehealth is a term covering patient appointments and medical practitioner consultations utilizing phone or computer based teleconferencing methods, as well as other technological means of sharing or processing health information.
These practices were gaining favor before the COVID-19 crisis, and have become a valuable means of communicating with patients during this time when isolation has become necessary to insure safety. This has triggered a few changes in the HIPAA rules governing telehealth methods.
HIPAA refers to the Health Insurance Portability and Accountability Act, passed in 1996. HIPAA rules protect the privacy of patient information.
Do HIPAA principles apply to telehealth interaction? Let’s take a look at the issue.
Telehealth and Telemedicine
What’s the difference? Telemedicine refers to the remote diagnosis and treatment of patients using technological communications. Telehealth is a broader topic that refers to all types of healthcare activities and components managed and transmitted by technological means.
HIPAA Rules and Telehealth
Any rule that applies when serving patients in person or preparing information on paper also applies to telehealth activities and sharing of information. Refer to the official HIPAA rules for security and privacy whenever telehealth activities are conducted in any form or by any means.
HIPAA Applies to Consultations With Medical Practitioners
When a primary provider of medical services consults with another regarding a patient, HIPAA rules must be followed by both parties when information is transferred. Patient privacy and restricted access to personal information is always of primary importance.
Technology Management Companies Must Follow HIPAA Rules Too
Most medical practitioners and enterprises employ companies which specialize in technology management. Such companies and each of their employees are bound by all of the HIPAA rules also. Practitioners should be certain the technology management company they employ is aware that it is imperative to thoroughly educate each of their associates regarding these rules and to verify that they are strictly followed.
In order to insure that the consulting companies abide by HIPAA rules, providers may need to enter into business associate agreements with these companies.
The Necessity of Security Risk Analysis
All entities involved with telehealth must perform a security risk analysis. The analysis must cover the potential risk and vulnerability involved when the entity creates, maintains, receives and transmits any type of ePHI (electronic protected health information).
The analysis must define and address the risk when ePHI is transmitted by any media, including, but not limited to: hard drives, DVDs, smart cards, personal digital assistants, or portable electronic storage devices.
Technology that Helps Assure Privacy
No technology is a substitute for an organized, documented set of security practices, understood by all employees who come into contact with patient medical information. But advanced encryption features can help companies maintain compliance by protecting privacy. These features make it unlikely that any unauthorized individual or entity will be able to access personal information.
COVID-19 and Telehealth Guidelines
The current situation regarding COVID-19 has triggered adjustments to HIPAA telehealth guidelines, so practitioners may better serve patients while preventing the spread of the virus. In order to stay up to date on guidelines for compliance, visit the Center for Connected Health Policy site for updates on COVID-19 telehealth policies and specific state actions.
Any means of non-public facing audio or video communication may be utilized to converse with patients during the current pandemic conditions, whether or not the contact is related to COVID-19 diagnosis or treatment. Utilizing this technique will help patients to receive the support of medical practitioners while they “shelter in place”, staying safe from the risk of contracting COVID-19 from others or spreading the disease if they are suffering themselves.
This U.S. Department of Health and Human Services post details the current policy.
Telehealth is a valuable tool for serving patients effectively. Its expanded use will likely continue in the future.
WheelHouse IT provides specialized IT Managed Services that can help achieve business goals. We understand the complexities of healthcare IT and can offer assistance in maintaining compliance with HIPAA rules and protecting patient privacy.