Do you think you have finally understood telehealth? Don’t get too comfortable just yet! OCR recently released guidance on how covered healthcare providers and health plans should use their remote communications technology to provide audio-only telehealth services while complying with HIPAA requirements.
Why is telehealth important?
Let’s start at the beginning. Telehealth helps increase the value and safety of a practice by expanding access to health care across the country and providing some users who have difficulty using audio and video telehealth technologies. When systems are not properly secured, they pose risks to safety, health and patient data. Cyberattacks and ransomware are extremely common in telehealth and can quickly create issues that leak medical and other sensitive information. As a practice, it is essential and useful to maintain excellent telehealth, especially nowadays with the increase in funding and resources available to OCR.
OCR Director Lisa J. Pino says, “Audio telehealth is an important tool for reaching patients in rural communities, people with disabilities, and others seeking the convenience of remote options. This guidance explains how HIPAA rules enable healthcare providers and plans to offer audio telehealth while protecting the privacy and security of individuals’ health information.
As OCR’s telehealth notification system may be retired as of July 15, 2022, we recommend that practices remain vigilant and take every precaution using your user-friendly, easy-to-use HIPAA-compliant software to ensure compliance. total today.
The first step to staying alert is to follow the guidelines issued by the OCR in response to recent news that the telehealth notification system may be shut down. The guidelines below specify the conditions under which telehealth can be used.
HHS permits HIPAA-covered businesses to provide telehealth and audio-only services using remote communication technology. However, these services should be provided in a private environment to the best of the entity’s ability and the individual’s identity should be verified.
Even though HIPAA does not apply to audio-only telehealth services delivered through electronic communication methods, when delivering telehealth services through mobile devices or applications, practices may face data privacy issues. HIPAA compliance. Therefore, practices should identify all potential PHE privacy risks and vulnerabilities as part of the risk analysis process prior to the completion of the PHE.[View source.]