Telemedicine has been around for years, but as a healthcare service it has been underutilized. Today, virtual visits for medical care have skyrocketed because of the COVID-19 outbreak and other factors.
Telehealth is experiencing a revolutionary moment like never before. By the end of 2020, virtual medical care usage is estimated to reach upwards of 1 billion interactions, according to analysts at Forrester Research.
In addition, some restrictions that were barriers to entry before have been lifted in response to the public health pandemic. And in March 2020, the Trump Administration expanded Medicare's coverage allowing beneficiaries to receive more extensive care through telehealth visits. These are done using video and audio applications.
With the advent of stay-at-home orders and social distancing, technology is healthcare's solution for delivering continuous patient care. Tech tools' enable widespread access, bringing an unprecedented reach to a larger patient population.
For medical practitioners, the shift of using video platforms to communicate can come with risk and HIPAA compliance concerns. OCR asks that telehealth sessions be conducted in a private environment. Sometimes this could be achieved with a simple task such as closing an office door or lowering one's voice.
The Office for Civil Rights has issued an announcement, guiding on which audio and video communication platforms are acceptable and not acceptable for patient interactions during the coronavirus pandemic.
As stated officially by OCR on its website:
"OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency."
In this blog post, we will highlight some of the video communication platforms that follow OCR's public health emergency guidance. Of course, keep in mind that compliance regulations might change in upcoming months.
Telehealth video calling platforms to use amid the pandemic
Under OCR's notice, covered healthcare providers can use certain platforms for non-public facing video communications with patients, as these platforms are HIPAA compliant and will enter into Business Associate Agreements (BAAs).
Some of these are:
- Skype for Business / Microsoft Teams
- Updox
- VSee
- Zoom for Healthcare
- Doxy.me
- Google G Suite Hangouts Meet
- Cisco Webex Meetings / Webex Teams
- Amazon Chime
- GoToMeeting
- Spruce Health Care Messenger
It's important to note that these technological tools are third-party providers and they may pose privacy risks. However, using FaceTime, for instance, during the pandemic is not necessarily a compliance violation, depending on a case by case basis.
What if patient does not have access to video telehealth formats
If the telehealth session is being conducted in good faith during this public health emergency, then OCR permits the use of audio methods like wireless phone, landline phones to conduct the session. If using email or texting, they ask the covered entity to try and utilize safeguards whenever possible, such as secure email or secure texting.
Avoid using TikTok for telehealth sessions
On the other hand, OCR stated the following public-facing applications are not to be used when providing telehealth services, even during the public health crisis. OCR is not the sole government agency warning about TikTok's security implications. The wildly popular app has come under fire for underage privacy and international security concerns by U.S. lawmakers and security professionals. Using public-facing communications could be an evidence of bad faith on the part of the provider, which could make the provider liable for OCR enforcement actions.
Avoid using these platforms for telehealth:
- Facebook Live
- Twitch
- TikTok
Not only that, the guideline explains to avoid using any public-facing technology, meaning the session can be seen by a group.
For privacy protections and peace of mind, OCR advises to turn to HIPAA compliant technology platforms. There are vendors available, who will enter into a HIPAA Business Associate Agreement with a covered entity. Check with the vendor to see if that's the case. When in doubt, reach out to third-party HIPAA experts to ensure your following compliance regulations as you transition to doing telehealth.
For further knowledge about this subject matter, check out the resources below.
Webinar: Disrupting Healthcare: What's Next?
Join Randy Parker, a digital health pioneer and founder of MDLive, speak about the early days of telemedicine, and what's next for healthcare disruption. You can join this webcast by registering here to view it here.
Resource guide: HIPAA Compliance
To help you better understand compliance, we have outlined in detail the ins and outs of HIPAA compliance. You can access that information by visiting this link.
Flowchart featuring Steps and Process
This flowchart will prompt you along the HIPAA compliance journey.
Final thoughts
While the world and the way we live, do business and practice medicine, it's important to use proper communication tools for quality care and beyond.
For medical providers and Business Associates, protecting health records and patient data privacy is still a huge responsibility, whether virtually or not. Eventually, the public health crisis will end, hopefully sooner than later, and we can return to our lives.
Until then, following best practices for HIPAA compliance is wise and recommended. Also, stay safe and secure online.
Visit OCR's new HIPAA and COVID-19 web page here.
This blog post was originally published on April 17, 2020 and has since been updated.
