Guidance for Adopting Telemedicine Quickly
During the novel coronavirus (COVID-19) emergency, physicians and healthcare providers may want to adopt telemedicine as a way to provide patient care. The following outlines some easy, acceptable practices for adopting telemedicine quickly that comply with HIPAA and California data and privacy laws, but some precautions should be followed. These include:
- Ideally use a professional telemedicine platform. One such platform that is widely available is Zoom for Healthcare. If you will be recording and saving the telemedicine visits, be sure to have a HIPAA business associate agreement in place with the vendor.
- If you don’t need to record the visit, you can use Facetime or WhatsApp, both of which encrypt the meeting; you can also use Skype or other video meeting technology.
- Be sure that you follow all good HIPAA security practices, especially if you will provide this from your home computer or personal smartphone:
- Ensure Wi-Fi is secured with WPA2 encryption (fairly easy to do if not already – see article)
- If working from home, work from as private an area as possible, and don’t allow family members or others to shoulder surf or see your workstation screens
- Always log off when you get up and leave your workstation at home unattended – and this is not a screen saver, but a complete log-off
- Don’t use sticky notes or otherwise leave your passwords visible near the workstation
While the President has waived HIPAA “enforcement” during this emergency, California data and security laws currently remain in effect; also, patients can still bring an action if their PHI or personal information is breached.
Today’s announcement also means that certain HIPAA Privacy requirements are not being enforced:
- the requirements to obtain a patient's agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b)
- the requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a)
- the requirement to distribute a notice of privacy practices. See 45 CFR 164.520
- the patient's right to request privacy restrictions. See 45 CFR 164.522(a)
- the patient's right to request confidential communications. See 45 CFR 164.522(b)
NOTE: The ACCMA does not endorse or have any relationship with any companies or products mentioned in this article.