The Department of Health and Human Services Office for Civil Rights (OCR) recently relaxed HIPAA enforcement: they won’t penalize providers who use tools for telehealth that are not HIPAA compliant. It makes sense. Over the last six weeks, telehealth has become a necessity for healthcare providers, allowing physicians and patients to connect without patients having to risk a visit to a clinic or hospital—but most of those tools don’t offer the privacy or security measures to meet HIPAA requirements. Nonetheless, patient privacy is still critical to telehealth for multiple reasons. Let’s take a look.
The OCR’s notice specifically allows health care providers to use audio or video communication technologies to provide services to patients like examining a swollen ankle or making a medication change, even if the technology isn’t fully HIPAA compliant. Healthcare providers are advised to notify their patients of the privacy risk and to opt for the strictest privacy settings, like end-to-end encryption and systems that don’t store transmissions. In short, patient privacy and is encouraged but not required.
But even if the OCR won’t penalize providers for noncompliance with HIPAA, patients still can. Healthcare providers face the risk of lawsuits from patients who feel that their privacy has been violated. This is a serious concern of patients, who prefer their healthcare providers opt for more secure tools than standard ones such as Zoom and Google Hangouts. Indeed, patients recently sued a home healthcare provider and cloud computing company for privacy violations after they were hit with a ransomware attack. The upshot is that even as HIPAA regulations are relaxed, healthcare providers still need to pay close attention to patient privacy.
So how can healthcare providers offer telehealth services while still maintaining patient privacy? The answer lies in the tool you choose to use. The American Medical Association recommends tools with strong privacy and security that patients feel they can trust. That means opting for end-to-end encryption and systems that don’t store transmissions
That may seem daunting but finding a tool that respects patient privacy doesn’t have to be difficult. Vaporstream makes it easy for you to connect with patients and share images and files. Our secure messaging solution goes beyond end-to-end encryption with advanced content controls that protect communications at all times, as well as automated message expiration and compliance. Vaporstream makes it easy to communicate with patients while guaranteeing patient privacy. See what we look like in action here.