OCR Releases Patient Resources for Telehealth
Telehealth services took off during the pandemic and continue to be a popular option for many people seeking medical care. While convenient and efficient, there are risks to conducting any sort of business online. Patient health is no exception.
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) aims to address those concerns with two resource documents issued this week. The documents help patients understand the privacy and security risks to their protected health information (PHI) when using telehealth services and ways to reduce these risks.
“This recent OCR guidance adds a valuable resource to educate patients on inherent risks and best practices for privacy and security,” said David Ginsberg, PrivaPlan president.
Supporting and Securing Telehealth Services
Although the HIPAA Rules do not require providers to offer the resources, the documents are intended to support the increased use of telehealth and help patients feel secure using it.
The first resource is specifically for providers: “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth.” It includes suggestions for discussing risks to PHI and how it applies to civil rights laws.
The second resource is specifically for patients: “Telehealth Privacy and Security Tips for Patients.” It includes recommendations for protecting their health information, such as avoiding public Wi-Fi and not using a work computer for telehealth services.
“Telehealth is a wonderful tool that can increase patients’ access to health care and improve health care outcomes,” said OCR Director Melanie Fontes Rainer. “Healthcare providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices, so patients are confident that their health information remains private.”
Covered Entities Must Ensure HIPAA Compliancy of Telehealth
Ginsberg explained the vital role covered entities have regarding telehealth services. “Several years ago, when the COVID Public Health Emergency was announced, the Office for Civil Rights relaxed some of its enforcement guidelines related to telehealth technology and HIPAA Compliance. In response, PrivaPlan provided updated telehealth HIPAA compliance policies,” he said.
“The Public Health Emergency has ended, and all Covered Entities should ensure their telehealth platforms support HIPAA compliance both in their technology and by signing a Business Associate Agreement, where applicable.”
If you have any questions about this or other privacy and security issues, please reach out to us. We’re here to help. Email info@privaplan.com or call 877-218-7707.