QUESTION: We heard that HIPAA allowed any technology for telehealth exams during the pandemic. While researching the options, Zoom was a low barrier entry due to low monthly cost and single sign on function. We have read reports of some companies banning the technology because of security issues. However, we’ve also read that during this emergency, communication platforms will not lead to HIPAA violations. Does that mean we can safely continue to use Zoom?
Question from Bloomington, IN Subscriber
ANSWER: You are correct that HIPAA did reduce the systems’ compliance requirements during the pandemic. HOWEVER, if something happens and a patient complains, you can still be fined!
The federal government has issued a memorandum indicating that they will not issue any HIPAA penalties for any provider delivering telehealth utilizing a non-HIPAA compliant platform during this COVID-19 crisis. OCR will not be auditing anyone for these exceptions.
The government has also come back and warned practices that they have put too much weight in the notification. Technology must still be used in good faith to protect a patient’s privacy.
It is critical that your technology doesn’t easily allow a breach. If a patient complains, you could be faced with a patient-privacy violation lawsuit.
The security risks associated with Zoom have led many companies to ban employee use of the technology. The last weeks have seen increases in ‘Zoom bombing’ from the dark web in which pirates are selling patient ids and other information taken from recordings. Zoom has released a new update that added a password sign. This is supposed to be more secure than the previous version. The added step may not be as convenient, but it could add a layer of protection. For other technologies you could use, see List of HIPAA-Compliant Vendors.
Although HIPAA regulations have been relaxed, they have not been removed, but don’t panic—attorney and HIPAA specialist, Gina Campanella, Esq., FACHE, has your back. During her online training session “HIPAA Coronavirus Waivers Ease Your Compliance Requirements,” you’ll receive a step-by-step breakdown of HIPAA changes and what you need to do to comply. Gina will clearly explain—in plain-English—exactly how you can compliantly communicate with patients, family members, and other individuals.
COVID-19 Practice Management Resources
. | ||||||||||
Avoid Losing COVID-19 Provider Emergency Relief Fund Payments |
Avoid Post-COVID-19 Trouble: Comply with CMS Copay Waivers | HIPAA Coronavirus Waivers Ease Your Compliance Requirements | ||||||||
|
|
|