Telehealth and HIPAA

Photo by National Cancer Institute on Unsplash

With the national emergency of COVID-19, many health providers are turning to alternative methods of providing health care to their patients. These include phone calls, video conferencing, internet sites, store-and-forward imaging, and streaming media to name just a few specific technologies. All of these technologies can broadly be considered Telehealth, as they are working to promote long-distance clinical health care.

In this middle of this national emergency, many providers sought to provide excellent clinical healthcare while maintaining social distancing. New technologies emerged, and many new and innovative ideas came to life. Now many providers are wondering whether these new innovations are compliant under HIPAA and HiTech certifications.

During the national crisis, you can place your concerns aside. The U.S. Department of Health and Human Services has stated that covered healthcare providers will not be subject to penalties for violations of the HIPAA Privacy, Security, or Breach Notifications rules that occur in the good faith provision of Telehealth during the crisis. Bad Faith actions would include using Telehealth services to conduct a criminal act, disclosing patient data beyond the Telehealth environment in violation of the Privacy Rule, violations of state licensing laws or professional ethics standards, and the use of public-facing remote communications products such as TikTok, Facebook Live, Twitch, or similar products.

When working with a Telehealth product, you should keep in mind these guidelines:

  • Generally, health care providers should conduct Telehealth in private settings.  Providers should always use private settings, and patients should not receive Telehealth services in public or semi-public locations (absent patient consent or exigent circumstances)
  • When choosing a Telehealth internet-based platform, be sure that the platform supports both individual user accounts, and the ability to encrypt the services from end to end. Most internet-based platforms offer these options in their services, but validating they are enabled and in use is a best practice for all Telehealth services.
  • You should have a Business Associate Agreement (BAA) signed with your Telehealth provider, especially those providing internet-based services.
  • Once Telehealth services are enabled, you are required to update your HIPAA Risk Assessment to include the Telehealth services within your overall practice risk assessment.

If you have further questions regarding HIPAA and Telehealth related services, Black Cat Security Partners is available to help answer them. We can also do many parts of the HIPAA Risk Assessment remotely. Please contact us to arrange for your free HIPAA Gap Assessment or to ask your cybersecurity questions.

Telehealth and HIPAA Read More »

Welcome to the Scratching Post

Welcome to the Scratching Post

You give your patients high-quality, personal care. Black Cat Security partners aims to give your practice the same kind of high-quality, personal care.

Part of that care is educating our customers.

You educate your patients so they can make better decisions about their health. We educate our customers so they can make better decisions about compliance and cybersecurity.

We provide resources to help our customers understand their responsibilities under HIPAA. We also discuss this with our clients as part of a HIPAA Gap Assessment, HIPAA Analysis, or HIPAA Audit.

Staying secure also means keeping ahead of the changing landscape of vulnerabilities and threats. Bad actors on the internet find new ways to attack businesses every day, so our security systems have to evolve, too.

We work to keep our customers and their patient data secure in this evolving landscape.
This blog is a resource of current information for our clients, including:

  • HIPAA regulatory changes that affect our customers
  • current vulnerabilities and cybersecurity threats
  • trends we are seeing
  • case studies
  • how to become and stay HIPAA compliant

Black Cat Security Partners aims to provide every service that you need for HIPAA compliance and Security – including serving as an information resource to our customers.

Welcome to the Scratching Post Read More »