We frequently get the chance to talk with providers who are considering adding the option of video visits to their practice. Many are attracted to the approach because it can help boost revenue, improve office efficiency, and increase patient satisfaction. One common cause for concern, however, is the privacy and security of patient data. Providers are rightly worried about staying on the right side of HIPAA regulations and making sure their patient’s information stays confidential.
If you are considering adding telemedicine to your practice, here are six things you should know related to security and HIPAA compliance.
HIPAA Does Apply to Telemedicine
Providers must exercise the same concern for patient privacy and confidentiality for in-office and online video visits. The responsibility to protect patient information applies whether that information is on paper, or in electronic files. Images and video are no exceptions.
Consumer Video Apps Do Not Meet the HIPAA Requirements
It may be tempting to use common apps like Skype and Facetime for video visits, but these services are not encrypted and therefore do not meet the HIPAA standard for security. Instead, providers should seek out a solution that is designed for healthcare purposes with built-in measures to protect patient information. The good news is that some are as easy to use as the consumer applications your patients already enjoy.
Video Visits Should Not Be Recorded
Transmission and storage on the part of the provider create a dangerous risk to the security of patient data. In addition, patients and providers are simply more comfortable when visits are not recorded.
Your Telemedicine Vendor Should Enter into a Business Associate Agreement
In most cases, HIPAA requires that people or vendors that provide certain services to healthcare providers sign an agreement to ensure that all protected health information is treated with the same precautions by anyone with access to it. Attorneys, transcribers, and accountants are all good examples of Business Associates. Technology providers that host video conferencing services are among this group as well. Your software vendor should be happy to sign a Business Associate Agreement.
Peer-to-Peer Networking is the Best Practice
Peer-to-Peer networking is a special type of internet connection that, along with other security features, is designed to conceal the identities and locations of each participant. It is considered the best practice for protecting confidential healthcare information and complying with HIPAA rules.
Patients Will Have Questions
If you are concerned about the security of video visits, you can bet your patients are as well. They will feel more comfortable if they are given the opportunity to ask questions and provided details about what you and your technology partner do to protect their information. Most are relieved to hear that the software was built for this exact purpose.
Every new technology that healthcare providers add to their practice needs strict scrutiny when it comes to privacy and security. Telemedicine can be implemented in a way that poses very little risk to patient data. HIPAA compliance does not need to stop your practice from enjoying the benefits of visits via video.