<img height="1" width="1" src="https://www.facebook.com/tr?id=156746741685952&amp;ev=PageView &amp;noscript=1">
SCHEDULE A CALL
Show all

Telehealth, Video Tech Tools and HIPAA Compliance

Telemedicine has been around for years, but as a healthcare service it has been underutilized. Today, virtual visits for medical care have skyrocketed because of the COVID-19 outbreak and other factors.

Telehealth is experiencing a revolutionary moment like never before. By the end of 2020, virtual medical care usage is estimated to reach upwards of 1 billion interactions, according to analysts at Forrester Research. 

In addition, some restrictions that were barriers to entry before have been lifted in response to the public health pandemic. And in March 2020, the Trump Administration expanded Medicare's coverage allowing beneficiaries to receive more extensive care through telehealth visits. These are done using video and audio applications. 

With the advent of stay-at-home orders and social distancing, technology is healthcare's solution for delivering continuous patient care. Tech tools' enable widespread access, bringing an unprecedented reach to a larger patient population.

For medical practitioners, the shift of using video platforms to communicate can come with risk and HIPAA compliance concerns. OCR asks that telehealth sessions be conducted in a private environment.  Sometimes this could be achieved with a simple task such as closing an office door or lowering one's voice.  

The Office for Civil Rights has issued an announcement, guiding on which audio and video communication platforms are acceptable and not acceptable for patient interactions during the coronavirus pandemic. 

As stated officially by OCR on its website:

"OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency."

In this blog post, we will highlight some of the video communication platforms that follow OCR's public health emergency guidance. Of course, keep in mind that compliance regulations might change in upcoming months.

Telehealth video calling platforms to use amid the pandemic

Under OCR's notice, covered healthcare providers can use certain platforms for non-public facing video communications with patients, as these platforms are HIPAA compliant and will enter into Business Associate Agreements (BAAs).

Some of these are:

  • Skype for Business / Microsoft Teams
  • Updox
  • VSee
  • Zoom for Healthcare
  • Doxy.me
  • Google G Suite Hangouts Meet
  • Cisco Webex Meetings / Webex Teams
  • Amazon Chime
  • GoToMeeting
  • Spruce Health Care Messenger
Zoom is on this list, but with the recent rise in security attacks from threat actors joining Zoom meetings uninvited, we have seen advice from various  entities to use a different video platform when communicating with patients, until all security and privacy issues with Zoom are fixed. No one wants to deal with Zoom-bombing during an important medical visit. 

It's important to note that these technological tools are third-party providers and they may pose privacy risks. However, using FaceTime, for instance, during the pandemic is not necessarily a compliance violation, depending on a case by case basis. 

What if patient does not have access to video telehealth formats

If the telehealth session is being conducted in good faith during this public health emergency, then OCR permits the use of audio methods like wireless phone, landline phones to conduct the session. If using email or texting, they ask the covered entity to try and utilize safeguards whenever possible, such as secure email or secure texting.  

Avoid using TikTok for telehealth sessions

On the other hand, OCR stated the following public-facing applications are not to be used when providing telehealth services, even during the public health crisis. OCR is not the sole government agency warning about TikTok's security implications. The wildly popular app has come under fire for underage privacy and international security concerns by U.S. lawmakers and security professionals.  Using public-facing communications could be an evidence of bad faith on the part of the provider, which could make the provider liable for OCR enforcement actions. 

Avoid using these platforms for telehealth:

  • Facebook Live
  • Twitch
  • TikTok

Not only that, the guideline explains to avoid using any public-facing technology, meaning the session can be seen by a group. 

For privacy protections and peace of mind, OCR advises to turn to HIPAA compliant technology platforms. There are vendors available, who will enter into a HIPAA Business Associate Agreement with a covered entity. Check with the vendor to see if that's the case. When in doubt, reach out to third-party HIPAA experts to ensure your following compliance regulations as you transition to doing telehealth. 

For further knowledge about this subject matter, check out the resources below. 

Webinar: Disrupting Healthcare: What's Next?

Join Randy Parker, a digital health pioneer and founder of MDLive, speak about the early days of telemedicine, and what's next for healthcare disruption. You can join this webcast by registering here to view it here.

Resource guide: HIPAA Compliance

To help you better understand compliance, we have outlined in detail the ins and outs of HIPAA compliance. You can access that information by visiting this link. 

Flowchart featuring Steps and Process

This flowchart will prompt you along the HIPAA compliance journey.

Download This Free HIPAA Compliance Flow Chart

 

Final thoughts

While the world and the way we live, do business and practice medicine, it's important to use proper communication tools for quality care and beyond.

For medical providers and Business Associates, protecting health records and patient data privacy is still a huge responsibility, whether virtually or not. Eventually, the public health crisis will end, hopefully sooner than later, and we can return to our lives.

Until then, following best practices for HIPAA compliance is wise and recommended.  Also, stay safe and secure online.

Visit OCR's new HIPAA and COVID-19 web page here.

This blog post was originally published on April 17, 2020 and has since been updated.  

Andrea Richard
Andrea Richard

Andrea Richard is a Customer Acquisition Specialist at 24By7Security. Her background is in journalism, public relations, content creation and events marketing. She has won awards for feature writing and investigative journalism and brings a unique perspective to her current role.

Related posts

July 27, 2020
July 21, 2020
July 14, 2020

Comments are closed.

Does the HIPAA Privacy Rule apply to the Novel Coronavirus (COVID-19)?
Breach Risk Analysis: A four-step plan
Subscribe to our Blog!