The recent sharp spike in the use of telemedicine in place of in-person visits is great news for both patients and providers. Patients enjoy unprecedented convenience and reduced costs, while providers benefit from a new revenue channel and less strain on office resources. While the upsides of the approach are significant, as with any technology security is a chief concern. It is absolutely possible to practice secure, HIPAA compliant telemedicine if providers adhere to these key requirements.
In order to protect patient health information, it is essential to choose a technology platform that uses encryption to prevent unauthorized access to video transmissions and other data. For this reason, consumer applications like Skype and Facetime are not appropriate for use in telemedicine.
Limited Data Storage
The video transmissions involved in a telemedicine visit should not be stored by the solution provider. This eliminates a possible point of failure.
HIPAA Business Associate Agreement
Technology vendors that provide solutions for medical practices are generally considered “Business Associates” under HIPAA guidelines. The vendor and provider should enter into an agreement that extends the responsibility to comply with HIPAA rules to the vendor.
It is important not to overlook the role that patients play in protecting their own privacy and security. They should comply with data security best practices such as strong passwords, virus and malware protection, and firewalls where appropriate on the devices that they use for telemedicine. In addition, because they are not in a clinical setting, patients should be mindful of their physical location and conduct the video visit from a place where they are not likely to be overheard.
Working together, providers, vendors, and patients can ensure the protection of health information and achieve the same standards for confidentiality that are expected in a medical office. Secure telemedicine is a component of the American healthcare system that is becoming more widespread and important. Fortunately, there is no need to compromise privacy in order to experience its many benefits.