As we all know, since the beginning of the COVID-19 pandemic, telehealth has “virtually” transformed the meaning of healthcare for both patients and providers. Telehealth has made healthcare more available and accessible for a wide variety of patients and provided a safe alternative for those in need of medical care during the pandemic. While telehealth brings a number of benefits, it can also create privacy concerns and legal uncertainties. In response, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently issued resources for providers to use to educate their patients about the interaction between telehealth and HIPAA to promote transparency and trust.
The resources, which were published in an OCR newsletter, address the basic definitions and components of telehealth, and include recommendations for discussing patients’ telehealth options, risks to personal health information (PHI) when using telehealth, and explanations regarding the applicability of HIPAA and other civil rights laws when using telehealth.
Helpfully, the resources include tips safeguarding PHI when using telehealth, including conducting appointments in private locations, using multi-factor authentication (MFA) when possible, using encryption when available, and avoiding public WIFI networks when accessing health information and conducting appointments. The resources also provide information about common telehealth scams that may create risks for patients’ privacy and information security.
Providing telehealth resources to patients can increase trust and strengthen the provider-patient relationship. Additionally, providers can use OCR’s resources to evaluate their own telehealth policies, impacts, and billing procedures and learn more about best practices recommended by OCR.
If you have questions about HIPAA requirements for telehealth or your current telehealth practices, please do not hesitate to reach out to any member of Gardner Skelton’s healthcare team.