The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, sits right at the intersection of medicine, technology and law. Fortunately, you don’t have to be a doctor who is also a lawyer and who also happens to be a software engineer to ensure that the video conferencing solution you use to provide telehealth access to your practice is compliant with HIPAA.
Chiron Health has done that for you.
The law was designed to accomplish the following:
It is the last point, which is addressed in the Privacy Rule and the Security Rule, that is relevant to healthcare-related video conferencing.
The Privacy Rule: As its name suggests, the Privacy Rule governs the use and disclosure of what’s known as Protected Health Information (PHI). Covered entities are obliged to develop and follow procedures that protect the confidentiality and security of PHI whenever it is transferred, received, handled or shared. This applies whether the information is shared on paper, orally or electronically. The rule further states that only the minimum health information necessary is to be used or shared.
The Security Rule: The Security Standards for the Protection of Electronic Protected Health Information is commonly referred to as the Security Rule. It establishes the standards for securing patient data that is stored or transferred electronically. It defines three types of security safeguards that are required for compliance: administrative, physical and technical. It further lays out security standards for each.
The HIPAA Privacy and Security rules apply to what are known as “covered entities.” These include medical service providers, healthcare clearinghouses, and health insurers, including employer-sponsored health plans that engage in certain transactions.
A business associate is an entity or a person that performs activities on behalf of a covered entity. These might include attorneys, accountants, transcription services, and in some cases, technology providers that might have access to or store protected health information. In most cases, HIPAA rules require that covered entities and business associates enter into contracts to ensure that all protected health information is safeguarded by everyone who may have the opportunity to access it.
Chiron Health is considered a business associate for our clients because we enable the transmission of private health information over the internet during telehealth visits. We take our obligation to protect patient information and make sure you are HIPAA compliant very seriously. We safeguard your protected health information in the following ways:
We protect private health information through encrypted transmission.
All video visits are conducted through a secure peer-to-peer connection.
Chiron Health does not store video transmissions or other clinical data.
We sign a Business Associate Agreement (BAA) with every client.
Telehealth is a beneficial delivery method for both patients and providers. With Chiron Health, HIPAA concerns need not keep your practice from leveraging this modern approach to easing access to care. Please contact us with any questions regarding HIPAA compliance for video conferencing with your patients.