Under the Health Insurance Portability and Accountability Act (HIPAA), telehealth practices are considered covered entities (CEs). As HIPAA covered entities, telehealth practices are subject to the HIPAA Security Rule.
What is the HIPAA Security Rule?
The HIPAA Security Rule requires organizations working in healthcare to secure protected health information (PHI), maintaining the confidentiality, integrity, and availability of PHI.
- Confidentiality: PHI cannot be disclosed to unauthorized individuals.
- Integrity: PHI cannot be altered or destroyed without proper authorization.
- Availability: PHI must be easily accessible to authorized individuals.
Covered entities have an obligation to adhere to the following in accordance with the HIPAA Security Rule:
- Identify and protect against reasonably anticipated threats to the security or integrity of the information;
- Protect against impermissible uses or disclosures of ePHI that are reasonably anticipated; and
- Ensure compliance by their workforce.
In addition to these standards, it is a requirement of the HIPAA Security Rule to have administrative, physical, and technical safeguards in place.
- Administrative: requires a security risk assessment (SRA) to be performed to identify gaps in security measures.
- Physical: measures put in place to secure the physical location, including alarms and cameras.
- Technical: measures that secure an organization’s network, including encryption, firewalls, and data backup.
Although the HIPAA Security Rule does not mandate specific safeguards to be in place, covered entities (CEs) must implement measures that are reasonably appropriate for their organization. When deciding what protection to implement, the following should be considered:
- Their size, complexity, and capabilities;
- Their technical, hardware, and software infrastructure;
- The costs of security measures; and
- The likelihood and possible impact of the potential risk to ePHI.
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors is their opinion and is not intended to malign any organization, company or individuals.