Telehealth Suppliers: HHS Points HIPAA Greatest Practices

Recognizing the evolving panorama of care supply and development of telehealth, the U.S. Division of Well being and Human Providers (HHS) revealed a useful resource information aimed toward aiding telehealth suppliers in explaining the privateness and safety dangers to sufferers that have interaction in telehealth. The information explains the dangers in telehealth visits and methods to scale back these dangers. Importantly, the steering makes clear well being care suppliers are not required by Well being Insurance coverage Portability and Accountability Act of 1996 (HIPAA) to supply this training. Nevertheless, the objective is that the useful resource information will assist suppliers that wish to talk about potential dangers with the affected person.

HHS acknowledges that making certain the privateness and safety of protected well being info will help promote simpler communication between the supplier and affected person, which is necessary for high quality care. Accordingly, HHS recommends that suppliers clarify the next to sufferers earlier than a telehealth session:

• The distant communication applied sciences that the supplier will use within the telehealth session. This could embody explaining what telehealth is and offeringexamples of various kinds of telehealth companies, corresponding to having a well being care appointment by phone or by a video conferencing utility.
• The significance of well being info privateness and safety. Suppliers ought to inform sufferers concerning the privateness and safety protections of the distant communication applied sciences the supplier presents.
• The potential dangers to the affected person’s info and mitigate the dangers. Suppliers ought to clarify that utilizing distant communication applied sciences for telehealth can include dangers to the privateness and safety of knowledge. Some examples of dangers that could be related to sufferers might embody viruses and different malware, unauthorized entry, and unintentional disclosures of knowledge. Mitigation measures embody anti-malware options, patching software program, and utilizing headphones to keep away from others overhearing the telehealth session.

To assist sufferers shield their well being info and keep away from potential phishing emails or different scams, suppliers ought to be certain that the affected person is aware of when and the way they are going to be contacted by the supplier, supplier’s workplace, or the distant communication expertise vendor. Info must also be supplied concerning the privateness and safety practices of any expertise vendor(s) which can be getting used for the telehealth service.

HHS additionally launched a useful resource information focused at sufferers, which gives suggestions that sufferers can independently implement to guard and safe their well being info. HHS gives many particular suggestions for sufferers, together with the next:

• Conduct telehealth appointments from personal places.
• Flip off any digital gadgets which will overhear or document info, corresponding to good audio system or safety cameras.
• Keep away from public computer systems or cellular gadgets, if potential, together with avoiding public wi-fi connections.  
• Set up all safety updates obtainable on the digital gadgets for use for telehealth appointments.
• Use robust, distinctive passwords.
• Delete well being info from computer systems or cellular gadgets when it’s now not wanted.
• Activate multi-factor authentication and use encryption instruments when obtainable.

The message from HHS is obvious, privateness and safety play an integral half within the healthcare expertise. HHS is signaling to the telehealth supplier group that privateness and safety training ought to be thought of a part of the affected person consumption and onboarding expertise.  Whereas these greatest practices usually are not required to be applied by suppliers, the kind of info that HHS suggests telehealth suppliers share with sufferers can usually be addressed within the telehealth knowledgeable consent or different consumption documentation supplied to the affected person.  Telehealth suppliers ought to assessment their consumption course of and decide whether or not these greatest practices might be integrated as a part of the affected person expertise.

For extra info on this new steering or authorized concerns associated to digital well being or information privateness, contact Foley’s Telemedicine & Digital Well being or Cybersecurity & Information Privateness groups.