Telehealth is growing rapidly as more healthcare providers are choosing to treat patients virtually. Utilizing video conferencing tools allows providers to treat patients that they would normally be unable to treat due to their geographic location. Treating patients virtually can also save providers and patients time and money. However, before developing a telehealth business, it is essential to ensure that you are using HIPAA compliant video conferencing.
Video Conferencing and HIPAA
HIPAA compliant video conferencing must have safeguards in place to maintain the confidentiality, integrity, and availability of protected health information (PHI). To be HIPAA compliant, video conferencing tools must enable encryption, access controls, and audit logs.
- Encryption: prevents unauthorized access to PHI by masking sensitive data into a format that is unreadable without a decryption key.
- Access controls: utilizing unique login credentials allows actions to be attributed to specific users. Users should be designated different levels of access to PHI based on their job roles.
- Audit logs: tracks who accesses what information, and how long they access it for. Audit logs allow for unauthorized access to PHI to be detected quickly.
HIPAA Compliant Video Conferencing: Signed BAA
Many traditional video conferencing platforms have the security protections required by HIPAA but are unwilling to sign a business associate agreement (BAA). Since video conferencing platforms are considered business associates under HIPAA, HIPAA compliant video conferencing requires a BAA to be signed before they can be used for telehealth purposes.
A BAA mandates specific security measures that the business associate is required to have in place. A BAA also holds each of the signing parties responsible for maintaining their own compliance. Lastly, a BAA determines which party is responsible for reporting a breach should one occur.
HIPAA Compliant Video Conferencing Platforms
There are several video conferencing platforms built specifically for telehealth. These may be preferable over other traditional video conferencing platforms as many of them integrate with electronic medical record (EHR) platforms, appointment reminder services, and e-claim filing tools. There are even HIPAA compliant video conferencing platforms that are built for areas with poor internet connections, enabling rural communities to receive health services that were previously unavailable to them. When choosing a video conferencing platform, telehealth businesses should look at the features available to determine which platform is right for their business.
Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!
Ransomware hackers attack smaller healthcare practices daily, creating serious data breaches and HIPAA violations. Are you and your clients/patients vulnerable, too?
Managing social media use and HIPAA compliance can lead to some of the most common misunderstandings faced by healthcare providers. Improperly trained employees can expose your organization to HIPAA violations and costly fines!
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors are their opinion and are not intended to malign any organization, company or individuals.