Keeping Telemedicine HIPAA Compliant
The healthcare industry is currently experiencing two major trends that are on a potentially dangerous collision course, reports Bardy Ranum of Dizzion, a cloud-delivered desktop and end-user computing solutions provider: the rise of telemedicine (and the corresponding increase in remote workers) and a spike in healthcare data breaches.
As early as 2014, a telemedicine survey by Foley & Lardner found that an astonishing 90 percent of healthcare organizations had already implemented or begun developing a telemedicine program. Much of this has taken the form of remote appointments and monitoring, with the American Hospital Association finding that “70 percent of patients are comfortable communicating with their health care providers via text, e-mail or video.”
As PHI and health services are put into the hands of more service providers outside traditional settings, it’s imperative that healthcare organizations and their business associates have solutions in place to enhance security and strengthen compliance measures.
Securing and protecting PHI has proven difficult enough for many organizations, with breaches commonly caused by unauthorized employees accessing records and the loss, theft or leak of unencrypted data. The rise of telemedicine adds another layer of complexity to the situation. Now PHI is being regularly discussed and transferred electronically and in real time via voice, video and files – sometimes with providers in the healthcare organization’s physical location, sometimes with contractors at a call center and sometimes with work-at-home caregivers.
Part of the HIPAA Security Rule requires covered entities to put technical safeguards in place to protect against unauthorized access to PHI that is transmitted over an electronic network. This is commonly interpreted as meaning that the transmission and storage method must be encrypted. While patients may be comfortable communicating with caregivers via text, email and video, these tools aren’t inherently HIPAA compliant (because the transmission isn’t encrypted), leaving the healthcare organization and its business associates open to a data breach and HIPAA violation.
While initially hesitant to adopt new IT solutions, the healthcare industry as a whole has recently been turning to technology to solve emerging issues, gain productivity advances and strengthen security. When evaluating new technology services to enable telemedicine, covered entities should seek out providers that specialize in HIPAA compliance and offer a verified compliant solution. Choosing a solution that has undergone an independent audit by cybersecurity risk management advisors provides peace of mind that the solution truly is HIPAA compliant. As a final piece, a healthcare organization should only work with partners that are willing to sign a business associate agreement, a key provision of the HIPAA compliance standard.
While there is no “silver bullet” solution to data security or HIPAA compliance, adopting solutions that are custom designed to address specific key areas of importance can help healthcare organizations create stronger programs and more comfortably move into the future of remote working and telemedicine. Please view the article in its entirety at HIT Consultant.