In this Telehealth Feature Series, we’re going to cover the long list of potential telehealth features available today. As you’re considering your own approach to telehealth, we hope to provide you a look at all the possible features telehealth companies are offering on the market. Plus, we’ll offer our insight into nuances for each feature so you can select the right telehealth company or companies you use. Not all telehealth is created equal, so taking the time to understand all the possible features and options is worth the effort.
The first feature we’re going to cover is HIPAA Compliant Telehealth.
4 months ago, this discussion would have been quite different. We would have just said that any telehealth platform you select should be HIPAA compliant. If it’s not HIPAA compliant, you’re at risk for a HIPAA violation and fines.
Back in March 2020, OCR announced a HIPAA enforcement discretion that allowed many non-HIPAA compliant applications to be used for telehealth during the COVID-19 national emergency. In most cases these were consumer communication applications like FaceTime, Facebook Messenger, Google Hangouts video, and Skype to name a few.
This enforcement discretion has muddied the waters a little bit when it comes to the question of whether you’re ok to use a non HIPAA compliant Telehealth solution or not. The answer is that right now you’re allowed to use one and OCR won’t come after you for a HIPAA violation. The real question is how long will this HIPAA enforcement discretion for telehealth stay in place.
I try not to predict what the government is going to do very often, but I think this enforcement discretion is pretty clear. While it made sense in the pandemic to allow some discretion, once the crisis is over and/or there’s been enough time for healthcare organizations to adopt HIPAA compliant video solutions, OCR is going to roll back this discretion and HIPAA will require that telehealth meet their guidelines.
This just makes sense. If there weren’t HIPAA compliant options that were just as usable and effective as their non-HIPAA compliant alternatives, then we might have a different discussion. However, there are a plethora of HIPAA compliant telehealth options out there. There’s no reason a healthcare organization shouldn’t be able to adopt a HIPAA compliant solution.
What does this mean for your healthcare organization?
If you’re using a telehealth solution that’s not HIPAA compliant today, you better look to switch. In our list of telehealth vendors, there are plenty of options for you to choose from in this regard. In fact, most on the list are HIPAA compliant.
If you want a simple way to filter if a telehealth vendor is HIPAA compliant, ask them if they’ll sign a BAA (Business Associate Agreement). If they won’t, then move on to someone who will sign one. While signing a BAA isn’t a foolproof way to know that a telehealth vendor is HIPAA compliant, it’s a good first step. Then, you can dive in from there to understand what efforts they’ve taken to ensure they’re compliant with the various HIPAA regulations, but that’s a topic for a future article.
At the end of the day, choosing a HIPAA compliant telehealth company is not a hard thing to do and it’s the right thing to do for your patients. While there might be specific situations where pulling out an iPhone to Facetime a patient might make sense during the current pandemic, any organization choosing a telehealth software should make sure they select a HIPAA compliant solution.