Thanks to social distancing Telehealth has become a booming business and more patients and caregivers are utilizing its services. Because of the high demand and health concerns, the OCR has issued temporary holds on policies regulating telehealth. But COVID-19 will not last forever (despite it feeling so most days), and the demand for telehealth is not going anywhere. Once the holds are lifted it is likely you will still need to keep up with telehealth, but are you confident the programs you are using are HIPAA compliant?
In March 2020 the OCR had announced that it is exercising its enforcement discretion to not impose penalties for HIPAA violations against healthcare providers in connection with their good faith provision of telehealth using communication technologies during the Covid-19 nationwide public health emergency. HIPAA covered entities are currently expected to operate under these new guidelines. However, once things return to normal and the hold is lifted, HIPAA covered entities will be expected to return to the HIPAA security rule stating:
- Only authorized users should have access to ePHI.
- A system of secure communication should be implemented to protect the integrity of ePHI.
- A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.
Telehealth’s impact on healthcare
Many patients and providers who would not have normally considered telehealth as a regular way to access healthcare are now utilizing the services. Many patients are afraid to go the hospital or doctor office in fear of exposing themselves and loved ones to Covid-19. Luckily, doctors can still reach their patients and provide medical care online. It has been a lifesaving and highly convenient tool for patients and providers alike. After this pandemic is over, many suspect that telehealth will still be sticking around. Now may be a good time to consider how to make your telehealth services more secure.