Over the course of the past couple of months, telehealth has expanded exponentially, but questions still loom about secure COVID telehealth services. A recent study found that in the next five years, it is expected that the telehealth market will grow by 38.2%. In 2020 alone, telehealth will likely grow by 64.3%.
“The critical need for social distancing among physicians and patients will drive unprecedented demand for telehealth, which involves the use of communication systems and networks to enable either a synchronous or asynchronous session between the patient and provider,” said Victor Camlek, Healthcare Principal Analyst at Frost & Sullivan. If you haven’t yet begun to deliver secure COVID telehealth services, the tips below will help you think about your options. If you have started, it will help you work legally and ethically with best practices related to HIPAA.
Is HIPAA Gone? Offering Maximally Secure COVID Telehealth Services
With the COVID-19 pandemic, many providers are quickly adapting to the changing environment and relying on technology which they do not adequately understand. Many practitioners also don’t understand HIPAA’s recent shift in relaxing enforcement so as to provide maximally secure COVID telehealth services.
The Department of Health and Human Services (HHS) continues to release new guidance on the use of telehealth services and HIPAA, to ease the transition for these providers. Some of the guidance has been misconstrued; there is a common misconception that telehealth services no longer need to be HIPAA compliant. However, this is simply untrue; the guidance applies to temporarily lessen enforcement of sanctions again errant clinicians. The changes, however, have not changed the law. In essence, the Office for Civil Rights (OCR) will not enforce rules currently on the books. They have agreed to look the other way – not remove the rules. The actual wording of their shift relates to the use of video conferencing platforms that are normally deemed unsuitable, as long as the treatment is provided in “good faith.” This means that clinicians must:
Offer services in maximally protected environments, in other words, choose technology that will offer the highest level of privacy and security possible and be able to explain
- Release the least amount of information possible
- Inform clients and patients of the risks associated with the clinician’s choice to use of any technology (which means the clinician must understand and explain these risks).
- Risks associated with unsecure environments such as Facetime and Skype, then, should be explained to the client and patient.
- When platforms such as Skype, the clinician should be aware of features such as typing words while communicating, which can render the exchange visible to onlookers months later. It is best then, to avoid leaving any trace of clinical care that can be seen by other parties when opening Skype months later. Only using the video portion is suggested. Video exchanges on Skype are not recorded and therefore cannot be as easily traced months later.
- Avoid all recording features allowed by platforms. Clinicians rarely record behavioral sessions when working in-person. Such cautions are even more appropriate online, where protecting a client or patient’s security is paramount. Although HIPAA sets standards for technology platforms to meet, hacking occurs regularly.
- Proper release forms outlining those particular risks should be signed by the client/patient.
- The informed clinician then keeps the client or patient’s welfare at the forefront of their decision-making at all times, mitigating risks, using HIPAA-complaint technology whenever possible. For a list of platforms claiming HIPAA-compliance, see TBHI’s Telehealth Buyer’s Guide.
- Document their rationales fully
Although the HHS is lessening HIPAA enforcement surrounding the use of videoconferencing platforms, telehealth providers are still restricted from using public-facing platforms such as Facebook Messenger and TikTok. Telehealth providers must also continue to adhere to the standards set forth by HIPAA (i.e. implementing safeguards, business associate management, policies and procedures, training, etc.).
Resources for COVID Telehealth Services
- Need assistance with HIPAA compliance? Compliancy Group can help. They help you achieve HIPAA compliance with Compliance Coaches® guiding you through the entire process. Get HIPAA compliant today.
- A COVID-19 Telehealth Primer is available through the Telebehavioral Health Institute blog to help you navigate the many changes brought about by COVID-19. Get updated information and other resources – all in one spot.
- TBHI specializes in teaching you how to relax when delivering telehealth. It offers you a step-by-step learning path of online training that helps you be legally and ethically compliant, clinically proficient, and able to handle even the most difficult of clinical scenarios. Take advantage of COVID discount pricing to learn how to sit back and enjoy your telehealth experiences, rather than struggling with ZOOM fatigue and clinical uncertainty. All courses are evidence-based, available 24/7 through any device. Two micro certifications are also available.
- Telehealth Clinical Best Practices Workshop — Live, interactive webinar, scheduled in May, June and July, 2020 (w/ 4 CME or CE legal and ethical hours) to discuss preventing and handling complex clinical issues at 75% off.
- Course Catalog
- Micro Certifications to give you a broader range of legal and ethical grounding, and allow you to distinguish yourself as a TBHI-credentialed professional on your websites, in social media, directories and other arenas
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors are their opinion and are not intended to malign any organization, company or individuals.