July 2, 2020
Ever thought you’d be saying “What’s up Doc?” on a video chat from home? Telehealth has made remote visits a new reality – though not all telehealth providers have been created equal when it comes to being HIPAA compliant. Why is it important for telehealth to be compliant? 90% of healthcare executives have already or are planning to adopt telehealth services within their operations, and as remote patient care continues to explode in popularity so do the risks to compromising that patient information.
Part of telehealth’s current popularity is due to COVID-19. To best meet the urgency brought on by COVID-19, the Office for Civil Rights (OCR) provided an update to the provision of telehealth services allowing providers to use any form of non-public facing video communications with patients, even if they weren’t considered ‘HIPAA compliant.’ While this enforcement discretion is only temporary, we can predict that the general public will prefer to keep their distance and avoid face-to-face doctor visits if possible for the foreseeable future. In fact, a recent study found that 74% of Americans would be comfortable and willing to use telehealth services for their doctors appointments.
While COVID-19 has made a major impact on telehealth services, the ability to provide care remotely has been growing in popularity for several years. The value of telehealth goes beyond allowing for social distancing between patients and providers, including:
- Removing access barriers to older or disabled patients unable to easily get to the doctors office
- Allowing providers to see more patients within a shorter period of time
- Reducing likeness of no-shows or canceled appointments
- Decreasing overhead costs and expanding profits
With all the benefits presented in utilizing telehealth services, there are also additional risks to be aware of. The following are some key recommendations for implementing telehealth in the most secure way possible:
- Use a HIPAA Compliant Telehealth Provider – like Abyde’s trusted telehealth partner, Updox
- If using a telehealth mobile app, make sure the device being used is password-protected and that you have a secure login to the telehealth software
- Provide additional employee HIPAA training on using telehealth specifically
- Get explicit permission from patients to contact them remotely, such as sending an ‘opt-in’ confirmation.
- Ensure all remote communications with patients (even just to discuss the appointment time or a follow-up visit) are done in a secure manner.
- Enter into Business Associate Agreements with all vendors involved in your telehealth program. This includes the telehealth service provider as well as any encryption companies that you may utilize.
The explosion of telehealth providers to meet the new demand after COVID-19 has seen some great – and some not so great – products within the telehealth market. If you are looking into adding a telehealth solution, be sure it is one that has proper safeguards and programming to prevent and contain possible cyber threats. An unsecured telehealth provider could make your patient data vulnerable – such as chatbot and telehealth startup Babylon Health, whose users found dozens of videos of other patients’ appointment consultations in their app due to a software glitch. While the issue was quickly corrected, implementing a non-compliant telehealth app creates a high risk for potentially compromising patient data.
As the healthcare industry continues to implement technology solutions, it’s important to ensure that sensitive patient information remains safeguarded from additional risks that technology presents. Utilizing HIPAA compliant providers for telehealth and having the proper Business Associate Agreements in place are key to providing the most effective and protective services for your patients.