Telemedicine in the Age of HIPAA Hyper-Awareness
The HIPAA Realities of Virtual Care and Instant Connections
Technology is powering a new generation of connected, collaborative care using telephonic and video conference call technology. But with this great power comes even greater responsibility for HIPAA-HITECH compliance. We are currently observing many providers utilizing cell phones and other common technologies to deliver care without realizing the implications of transferring PHI through a network that does not have adequate security controls.
According to the American Telemedicine Association, over half of all U.S. hospitals now use some form of telemedicine. As the use of telemedicine increases, so do security concerns around establishing extended protection for PHI. If your healthcare organization is leveraging technology to facilitate provider-to-patient activities, and/or to collaborate on patient care among providers, it is important to closely evaluate the security controls of your chosen solution(s), which, we must point out, are not in place for most readily available telephonic and video conferencing solutions.
Here are a few tips to help you navigate the promise – and potential pitfalls – of connected care:
- Be sure HIPAA Security Risk Analysis and Risk Management efforts are given continuing focus, both within your organization and with Business Associates.
- Always ensure there is a Business Associate Agreement (BAA) in place for any client-server-based solution. For instance, using Skype for audio or audio/visual communications where PHI is transferred requires a BAA with Microsoft to ensure you are compliant under HIPAA.
- Your IT/Information Security group should conduct a comprehensive security assessment of all existing assets with PHI, potential security gaps and known solutions. A good resource for identifying vendor partners can be accessed here.
- Patients should sign a separate consent for a Telemedicine appointment approving the electronic transfer of PHI, among other factors.
- Stay up to date on federal guidelines and recommendations regarding telemedicine. The most recently released guidance from the State Federation of Medical Boards can be found by clicking here.
- As always, any contracts and informed consent documents should be thoroughly reviewed by Legal Counsel.
Is your organization increasing its use of technologies to deliver remote care? What steps has your organization taken to ensure long-distance care solutions align with HIPAA compliance efforts?