HIPAA and Telehealth: Four Essential Ways to Stay Compliant



When the pandemic first hit U.S. medical practices in 2020, many providers scrambled to get telehealth systems running and to work out which regulations applied to them. Today the landscape is different: telehealth is a normal part of modern practice, and many organizations have declared that it is here to stay.

Even as these systems become commonplace, your compliance with the HIPAA Privacy and Security Rules should stay at the top of your mind if you want to avoid fines that can top $20,000 per violation.

Get to know the most important telehealth regulations to ensure you keep patient information private and safe.

1. Check Your Remote Communications for These Elements

If you’re like many other practices, you may have thrown together your telehealth plan over the course of a few days. Now that the dust has settled and the government’s telehealth requirements are clearer, it’s a good time to confirm that every remote communication system you use includes the elements that keep it HIPAA-compliant, so that you are always protecting electronic protected health information (ePHI).

Your telehealth systems should:

  • Only allow authorized users to access ePHI: You’ll need reasonable and appropriate safeguards to prevent ePHI from being disclosed to unauthorized parties. Issue each authorized employee an individual account (no shared logins), turn on multifactor authentication where the platform supports it, reset credentials immediately if you suspect they have been exposed, and disable accounts the day an employee leaves your practice.
  • Have a secure system of communication to protect the integrity of ePHI: When you adopt new telehealth technology, make sure it is well-protected and that the vendor signs a business associate (BA) agreement outlining how it will protect your PHI. Practices that rely on consumer-grade video tools such as personal Skype or FaceTime are at serious risk: those vendors typically will not sign a BA agreement, so you have no contractual guarantee that they are protecting your communications.
  • Maintain a system for monitoring communications containing ePHI to prevent breaches: Regularly check that your communication systems cannot be easily breached. For instance, the system should automatically log a user off after a set period of inactivity, and it should keep an access log you can review.

2. Double-Check Data Tracking

Some telehealth programs or apps allow the company that created the technology to track your data: who you talk to, when the conversation took place, or even what was said. HIPAA comes into play when the information collected through these tracking technologies includes PHI.

Example: Your provider installs an app on the office iPad to use for telehealth consultations. On first launch, the app asks for permission to track activity or to access location at all times. Decline these permissions unless the vendor has documented, in your BA agreement, that the data is required to deliver the service and is protected as PHI. Otherwise, the app may collect PHI it has no business holding, which could put you at risk of a violation.

3. Keep All Vendor Agreements in Writing

When it comes to telehealth communication companies, you must keep written agreements with every vendor that creates, receives, maintains, or transmits ePHI on your behalf; HIPAA requires the business associate agreement to be in writing. If a company wants a “gentleman’s agreement” with your practice about how it handles ePHI, it’s time to move on to another vendor. A written agreement gives you documentation of the vendor’s obligation to keep private information well-protected, and of what it must do if a breach occurs.

4. Protect Stored Communications

If you save any recordings or transcripts from telehealth visits, you must protect those stored conversations: restrict them to authenticated users, and, wherever possible, encrypt them at rest. Anyone who wants to open stored ePHI should have to authenticate first, and the system should record who accessed which recording and when. Keep the encryption keys separate from the encrypted files themselves, so that a copied backup or a lost laptop does not by itself expose patient data.

Stay on top of the telehealth compliance rules by checking out the recent online training, “Stop 2023 Telehealth Compliance Errors, Avoid Hefty Penalties.” During this one-hour training, healthcare attorney Amanda Waesch, Esq., walks you through the most essential privacy plan elements so your telehealth systems don’t get you into trouble. Don’t wait; sign up today!

