Telehealth and COVID-19, Protecting ePHI


What is Telehealth?

The Health Resources Services Administration (HRSA) defines telehealth as, “the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health, and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.”

In today’s healthcare landscape, telehealth technologies help bridge the gap between patients and providers, ensuring patients can continue to receive the highest level of care even when they're unable to physically visit a physician.

How has COVID-19 Impacted the use of Telehealth?

The COVID-19 pandemic has disrupted the traditional means of patients seeking treatment (in-person) and has accelerated the need for hospitals and clinics to adopt telehealth technologies. As organizations adopt these new technologies, precautions and appropriate safeguards should be taken to ensure ePHI stays secure.

Healthcare organizations can proactively take steps to secure and protect PHI by being aware of the potential risks involved and what to do to prevent security violations. Providers looking to securely use telehealth technologies should consider platforms that fully encrypt data, ensure a private network connection, and do not store video.

Staying Safe and Cyber-Secure Through Telehealth

In addition to the list above, the following security precautions should be taken to prevent the misuse of telehealth:

Using a secure platform

To help “empower medical providers to serve patients wherever they are during this national public health emergency,” Health and Human Services (HHS) issued guidance and enforcement discretion so that organizations can implement tools to provide routine care for patients with chronic diseases and high risk factors.

Telehealth must be operated on a secure platform. Of the available communication platforms, only a select few are regarded as secure and appropriate for telehealth uses. As part of the guidance issued by the OCR, the following ‘non-public facing’ communication platforms have been approved for use during this time:

  • Apple FaceTime
  • Facebook Messenger video chat
  • Google Hangouts video
  • Skype

Platforms that are considered ‘public-facing’ lack the appropriate security measures to promote privacy and are regarded as inappropriate. They include but are not limited to:

  • Facebook Live
  • Twitch
  • TikTok
  • Chat rooms

Secure Endpoints

Endpoints such as laptops, phones, and tablets give healthcare providers the flexibility to perform telehealth visits in various locations; however, the risks of breaches and inadvertent PHI disclosures go up significantly. It’s vital to secure and control the data being accessed as well as the security of the locations the devices are being used from. It is also important to implement encryption, multi-factor authentication, and other security controls for the endpoints in use. Providers are encouraged to notify patients about privacy risks and should enable all available encryption or privacy modes when using such applications.

Business Associate Agreements

A Business Associate Agreement (BAA) is the best way to protect your practice or organization. Having a BAA is essential to manage liability in the event of a breach. Ensuring there is a BAA in place will grant shared liability and sustain a high level of security and privacy.

How to achieve compliance?

The security, policies, procedures, and enforcement required to adhere to HIPAA regulations and correctly implement a telehealth solution can seem complex. That's why at HIPAA One, we've chosen to simplify these procedures and ensure complete compliance is easily attainable. HIPAA One offers various training courses that are created to address the proper use of information and how to prevent theft. The HIPAA One training includes details regarding what safety measures providers are recommended to apply. Disregarding HIPAA compliance may result in hefty fines because of PHI breaches. HIPAA One is here to help so you can easily achieve compliance and handle audits together.

Taking all these precautions will allow practitioners to stay safe while maintaining PHI security. For more information, view our Telehealth, HIPAA, and the CARES Act Webinar.