Telehealth Security: Using a Telehealth VPN
Hackers have been developing yet more devious ways to harm people since COVID. They are banking on the elevated levels of stress and confusion experienced by many providers. Many privacy protections have been loosened with limited and discretionary enforcement of HIPAA rules by the Office for Civil Rights (see Secure COVID Telehealth Services: Has HIPAA Gone Away? and Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency).
The debate about whether or not telehealth offers a secure means of communicating with patients is ongoing. Many experts argue that the only way to secure telehealth sessions is by forgoing the use of WiFi and connecting directly to the internet router using an ethernet cable. Although this offers more telehealth security, it also poses some security risk while restricting users physically, by forcing them to be near their router to have a connection, whether or not other household members are in the vicinity. Using a virtual private network (VPN) however, offers telehealth providers maximum security while giving them the flexibility to work from anywhere.
A virtual private network (VPN) is a service that extends a private network over a public net. When using a VPN to connect to the internet, all data passing through the VPN is encrypted (encryption masks data, making it unreadable to unauthorized users). As such, connecting to a VPN provides the most secure connection and prevents even the most advanced hacker from accessing data.
VPN is often offered as a subscription service, where users can connect to any WiFi connection available, then enable their VPN service. By logging onto a VPN before opening a telehealth platform, the session is encrypted as soon the telehealth platform is launched. VPN can quickly and easily provide telehealth security whether sessions are conducted from a home office or another remote location. For example, if a healthcare provider was traveling and needed to conduct a telehealth session from their hotel room, using the hotel’s public WiFi, the provider could connect to the hotel WiFi and then activate their VPN service to provide a secure telehealth session.
Telehealth Security and HIPAA
Under HIPAA, a VPN service provider working with healthcare clients is considered a business associate as they have the potential to access PHI as part of the service they provide for their clients. Therefore, for HIPAA compliant VPN use, telehealth providers must have a signed business associate agreement (BAA) with the VPN service provider before using the service. A BAA mandates the security and privacy measures the business associate is required to have in place. It also limits the liability for each signing party, as each party is responsible for monitoring and maintaining their HIPAA compliance.
Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!
Your TBHI Professional Training Options
TBHI specializes in teaching you how to relax when delivering telehealth. It offers you a step-by-step learning path of online training that helps you be legally and ethically compliant, clinically proficient, and able to handle even the most difficult of clinical scenarios. Take advantage of COVID discount pricing to learn how to sit back and enjoy your telehealth experiences, rather than struggling with ZOOM fatigue and clinical uncertainty. All courses are evidence-based, available 24/7 through any device and most count toward legal and ethical requirements for licensure. Two micro certifications are also available.
- Telehealth Group Therapy — Exciting, highly interactive telehealth learning experience designed to get answers to your questions about legally and ethically managing telehealth group therapy. Digital class will allow you to connect with colleagues ahead of time to ask questions and share answers. Distinguished faculty will lead you through telehealth group therapy theory and exercises.
- Telehealth Clinical Best Practices Workshop — Live, interactive webinar, w/ 4 CME or CE hours to discuss preventing and handling complex clinical issues.
- Course Catalog
- Micro Certifications to give you a broader range of legal and ethical grounding, and allow you to distinguish yourself as a TBHI-credentialed professional on your websites, in social media, directories and other areas.