What is HIPAA and how does it apply to telemedicine?
First introduced in the U.S. in 1996, the objective of the Health Insurance Portability and Accountability Act (HIPAA) was to modernize the flow of healthcare information, identify how personal information kept by healthcare insurance agencies should be protected from fraud and theft, and to examine the constraints of healthcare insurance coverage.
Today, there are two types of organizations that must be HIPAA compliant:
- Covered Entities: An organization that collects, creates, or transmits personal health information electronically.
- Business Associates: An organization that works with personal health information on a contractual basis and on behalf of a covered entity.
The HIPAA guidelines on telemedicine affect any medical professional or healthcare organization that offers remote services to patients. The requirements for patient privacy and confidentiality that apply for in-person visits also apply to remote and virtual visits. And the storage of electronic files, video, and images needs to be approached with the same caution as is practiced with physical documents.
In order to be compliant with HIPAA, healthcare organizations need to ensure that the communication channels used for transmitting electronic health information are HIPAA-compliant.
The HIPAA guidelines are as follows:
- Only authorized users should have access to electronic health information.
- A system of secure communication should be applied to protect the integrity of electronic health information.
- A system of monitoring communications containing electronic health information should be implemented to prevent accidental or intentional breaches.
To communicate with patients, medical professionals and healthcare organizations have the option of either authorizing a patient to have short-term access to their networks through a secure messaging app, or they can arrange a secure temporary browser session using the same platform. In many cases, healthcare organizations end up integrating a secure messaging solution, such as OnCall, into their electronic health record to reduce time-consuming patient updates.
When communicating with patients using secure messaging, and when communicating between medical professionals, secure messaging solutions have the following advantages:
- Medical professionals in the community can send and receive electronic health information on the go using secure messaging.
- Images can be attached to secure messages, which can then be shared to accelerate diagnoses and the administration of treatment.
- Secure messaging can also be used to accelerate emergency admissions and patient discharges – reducing wait times and streamlining the administrative process.
- Automatically produced delivery notifications and read receipts reduce phone tag and increase message accountability.
It is important to note that consumer-grade services like Skype and FaceTime do not support HIPAA compliant video conferencing because they are not encrypted and should not be used when dealing with personal health information.
In addition, when choosing a technology partner, ensure that they are willing to enter into a business associate agreement.
At the end of the day, patients have every right to be concerned about privacy and ask how their information will be protected during a remote clinical meeting. Telehealth organizations have to be ready and willing to educate their patients about the steps that they are taking to secure personal health information. It is extremely important to make patients aware that the technology being used has been specifically designed for the purpose of privacy and security, and that a healthcare organization takes HIPAA compliance very seriously.
Learn more about OnCall’s security and privacy features here.