In reality, several medical professionals have chosen telemedicine to provide medical services since the attack of the COVID-19 pandemic across the United States. Federal agencies have also promoted the use and implementation of popular technologies in order to provide greater flexibility for healthcare providers in the engagement of their patients in emergency crises. But healthcare providers remain concerned that the practice of telemedicine may contravene HIPAA provisions.
In reality, the use of telemedicine for secure and efficient healthcare is promoted by federal agencies. A good example of that was the Health and Human Services Department (HHS) notice where they pointed out that health care providers could use widespread communications software, even though the software did not meet HIPAA Privacy and HIPAA Security Requirements without fear of breaching HIPAA. This means that covered organizations will provide health care through “non-public facing.” audio or video communication technology.
To find out more, let us examine one of the most frequently asked questions about waivers from HIPAA and telemedicine response given by the Office of Civil Rights (OCR).
Question: If a health care covered provider who uses telehealth services during the COVID-19 outbreak is intercepted and electronically secured health information during transmission, is OCR to place a penalty on the operator for breaking the HIPAA safety rule?
No. During the Coronavirus national public health emergency, OCR shall exercise their authority in compliance and not penalize organizations for any infringement caused by the good faith provision of services to telehealth. OCR must take all the evidence and circumstances into consideration in determining what a good faith provision of telehealth services.
For example, if the operator follows notification terms and OCR instructions, OCR shall not penalize any organization in the event of an attack that reveals protected health information (PHI) in the course of a telehealth session.
In any event, OCR believes that many modern remote communication applications provide suitable security features to secure ePHI transmissions between providers of health care and patients. Video communication tool providers are aware of and have adequate protections within their implementations of privacy and security legislation, such as HIPAA.
Some suppliers also guarantee the signature of a HIPAA business associate agreement (BAA) and that they implement better safeguards in the telemedicine application to avoid data interception.
Healthcare services are allowed to use solutions provided by such suppliers, but would not be penalized because of the use of less safe solutions to provide patients with affordable and timely care during an emergency. Providers should also inform their patients of the possible privacy risks associated with such third-party applications as hacks or infringements, and providers should allow any necessary encryption and privacy modes when using such applications.
This also allows healthcare professionals to use common apps such as Zoom, Apple, Facebook, Google Hangouts, and Skype. However, modes of communication are not acceptable to public applications like Tik-Tok or Twitch.
It is said that the discretion of compliance will remain effective until an emergency ends. Even if the OCR gives such flexibility, companies should still use commonly accepted communication platforms that meet HIPAA’s requirements for privacy and security.
In addition, HIPAA Ready – a robust cloud-based HIPAA compliance management software should be used by organizations. In order to ensure compliance with HIPAA, HIPAA Ready will give the organizations the complete list of specifications. For instance, after completion of the training, organizations can issue certificates.
Even when operating remotely on their devices, employees can access the platform. Learn how HIPAA Ready would help by starting a free 14-day test (no credit card required) to get your HIPAA compliance program started.