99MGMT Blog

Implementing Telemedicine Services? Here's How to Stay HIPAA Compliant

Posted by 99 MGMT on


As the United States prepares to face a second wave of COVID-19, many practitioners have begun transitioning to more telemedicine visits whenever possible to help flatten the curve and mitigate the risk of spreading the virus.

Several practices opted to do this amid the first wave, but once states began reopening, many offices began seeing patients in-house again. However, as the second wave approaches, practitioners are reconsidering this decision.

The first wave of the virus was almost like a test run for telemedicine visits, so now that we’ve had some practice, we’re better prepared to function remotely this time around.

One point that can’t be overstated is that any electronic communication in healthcare must maintain HIPAA compliance to avoid penalties or legal action. 

Here are our tips on how to stay HIPAA compliant as you begin implementing telemedicine services in your private practice.

Where to Hold Televisits

One aspect of traditional, in-office doctor visits that is often overlooked is privacy. When you meet with a patient, you are likely going to be speaking with them in a separate exam room or office where you and that person are the only ones in the room.

This may not always be the case for telemedicine visits. If a patient has to call in from their home, any number of people nearby could compromise the privacy of their protected health information (PHI), whether that is a partner, sibling, or child.

The best way to combat this risk is to make sure that you are isolated when holding a telehealth appointment. Take the precaution of asking the patient beforehand whether their environment is safe for sharing PHI, and suggest that they relocate somewhere with more privacy if possible.

Acceptable Telehealth Communication Platforms

The primary way to guarantee the highest level of HIPAA compliance, along with patient privacy, is to only use applications that are classified as “non-public facing”. This essentially means that the data being shared back and forth, whether by message, voice, or video, can be seen only by the two parties participating in the interaction.

Some acceptable platforms include:

  • Apple FaceTime
  • Facebook Messenger video chat
  • Google Hangouts video
  • WhatsApp video chat
  • Zoom
  • Skype
  • Signal
  • Jabber
  • Facebook Messenger
  • Google Hangouts
  • WhatsApp
  • iMessage

Some unacceptable platforms include:

  • TikTok
  • Facebook Live
  • Twitch
  • Other public forums or chat rooms

Hacking Healthcare

Sometimes, even if you take every precaution as a practitioner, breaches in privacy can still happen. 

The Department of Health released a statement regarding this scenario, saying that it will not exercise enforcement of penalties for compromised information, provided the hack was completely external and the telehealth practices were in good faith.

For more information on HIPAA compliance or COVID-19 response, check out the 99MGMT blog!
