fbpx

Using Telehealth During the COVID-19 Crisis

Tracy Hardin/Last Updated October 23, 2020

In recent years there has been an increase in the use of telehealth and remote management tools as options for maintaining patient well-being. If you’re not familiar with these, the HHS’ Health Resource & Services Administration (HRSA) defines telehealth as “the use of electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, and public health and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and landline and wireless communications.” These services may be conducted through audio, text messaging or videoconferencing.

In light of the COVID-19 pandemic, the HHS Office for Civil Rights has announced that for HIPAA-covered healthcare providers, a Notification of Enforcement Discretion will be applied that relaxes the HIPAA compliance in relation to telehealth. This notice covers “all services that a covered health care provider, in their professional judgement, believes can be provided through telehealth in the given circumstances of the current emergency”. They define these covered entities as such if they “transmit health information in electronic form in connection with a transaction for which the Secretary has adopted as standard”. A health insurance company that pays for telehealth services is “not covered” by this notice. This will include the remote diagnosis and treatment of patients via a telehealth service. Additional details from the Notification of Enforcement Discretion indicate that this applies to “Penalties for violations of the HIPAA Privacy, Security, and Breach Notification Rules that occur in the good faith provision of telehealth during the COVID-19 nationwide public health emgency”. This notice currently does not carry an expiration date.

Communication Platform Options

telehealth doctor on laptop

The Notification of Enforcement Discretion is only applicable to communication tools that are NON-PUBLIC facing. The end to end encryption that these HIPAA compliant solutions usually include will reduce the interception of personal and private health information. Some of these include Apple FaceTime, Facebook Messenger (but not Facebook Live) and WhatsApp. These applications give the user controls that include muting and recording the conversation.

Healthcare providers must conduct telehealth treatment in private settings and locations. If this is not an option, lowered voices, not using the speakerphone, and reasonable space and distance between others.

Like many of the standard policies and procedures that are in place, modifications had to be made to accommodate this situation. Government agencies have seen that need and made changes accordingly in an effort to tackle these unprecedented times. Having a strong HIPAA program and trusted security advisor in place can assist you in understanding how your company will be affected and how to proceed best.

We are a proud partner of HIPAA Secure Now!, a company of HIPAA experts dedicated to helping medical entities stay compliant and keeping their data safe.  Thank you HIPAA Secure Now! (www.HIPAAsecurenow.com) for the contents of this article.

Want more cybersecurity tips to help keep your business safe & secure? Sign up for our email newsletter and have new articles & tips delivered straight to your inbox monthly.

Posted in ,

Tracy Hardin

Tracy Hardin is President and founder of Next Century Technologies in Lexington, KY. She has a bachelor's degree in computer science from the University of Kentucky and has earned certifications from Novell, Cisco and CompTIA. Her specialties in the field of IT are network design and security, project management and improving productivity through technology. She loves helping people by sharing her knowledge of tech.