Posted By Lauren Brawley On March 25, 2020
New Rules for Telehealth Technology
It’s no question that COVID-19 is rapidly changing the way we live and work. New social distancing restrictions and shelter-in-place orders cause businesses to become creative in how to stream services online or operate from a distance. Since the beginning of this pandemic, healthcare providers have been on the front lines. As social distancing becomes increasingly important, even healthcare workers must implement measures to serve clients from afar. Telehealth is an even hotter topic right now for just this reason.
We’ve seen a spike in organizations using technology to continue providing care. Offering telehealth keeps both patients and healthcare professionals safe during the COVID-19 outbreak. For that reason, the government recently lifted restrictions on telehealth. Telehealth is expanding to every type of healthcare provider, not just those working to treat COVID-19. The expansion of telehealth helps slow the spread of COVID-19 and provides more healthcare access to individuals during this unique time.
So, what are these lifted restrictions and how can you get started with telehealth?
What is Telehealth?
Before we can understand new rules and regulations for telehealth, it’s important to define what telehealth is. Telehealth is the distribution of health-related services electronically or through telecommunications. It allows for individuals to receive health education, clinical visits, health administration from a distance by utilizing technology.1 Telemedicine is a category of telehealth. Telemedicine refers directly to clinical services being offered electronically. Telehealth covers a large umbrella of health services, as shown on the flow chart.
Relaxed HIPAA Regulations for Telehealth
The Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) released last week that normal penalties on HIPAA noncompliance will not be imposed on organizations providing telehealth. This means that normal HIPAA requirements are now being relaxed to allow more healthcare workers to use telehealth. These rules may vary across states, so it is important to check local health authority updates. However, relaxed HIPAA regulations do not mean relaxed privacy standards. Security of a patient’s private health information is always held at first priority. These relaxed penalties allow professionals to begin offering care electronically as soon as possible. Here’s what you need to know about the new HIPAA guidance from OCR:
Healthcare Workers Can Now Use “Non-Public” Products to Offer Telehealth
Non-public products include technologies such as:
- Apple FaceTime
- Skype
- Google Video Hangouts
Non-public applications still allow for the privacy of a patient’s information; whereas, public applications may not provide the same security. Public-facing applications are prohibited in electronic healthcare visits, even with the relaxed HIPAA regulations. OCR specifically prohibits such “public-facing” solutions, which include apps like Facebook Live or Tik Tok.
Safety Not Automatically Ensured
While the commitment to privacy and security remains the same, it’s important to note safety is not automatically ensured in these non-public solutions. OCR recognizes the use of these applications will present potential risks in privacy.
Clients and healthcare professionals should work diligently to confirm encryption and privacy modes are enabled in non-public applications. It is always better to double-check privacy settings rather than assume everything is in place.
Roger Severino, the director at OCR, recently stated, “We are empowering medical providers to serve patients wherever they are during this national public health emergency.”2 Telehealth will allow more people to access the care they need during this trying time in public health history.
Getting Started with Telehealth
With telehealth quickly expanding, it’s important to know how to get started. The American Medical Association recently released a helpful quick guide to facilitate using implementation for providers. When getting started, it’s recommended organizations think through these 3 steps:
- Designate team members to make decisions quickly about solution options for a facilitated implementation
- Make sure your malpractice insurance carrier policy covers telehealth options
- Develop a base knowledge of the payment and policies that come with telehealth services
HHS additionally provides a list of technology vendors claiming to be HIPAA compliant.3 While this is not an exhaustive list, it includes vendors that would qualify as HIPAA-compliant products under the normal HIPAA circumstances. These vendors additionally claim to be willing to enter into a HIPAA Business Associate Agreement (BAA) with healthcare providers. In short, BAAs are legal documents that ensure video service products protect patient privacy. Products on the HHS list include:
- Skype for Business / Microsoft Teams
- Updox
- VSee
- Zoom for Healthcare
- Doxy.me
- Google G Suite Hangouts Meet
- Cisco Webex Meetings / Webex Teams
- Amazon Chime
- GoToMeeting
Again, these products are not an exhaustive list. Although, they may be important to consider as a longer-term telehealth solution. These products have more established privacy policies as they are commonly used under normal HIPAA circumstances.
Stay Up To Date on Telehealth News
It is likely that we will continue to see an increase in electronic care options and policies as the COVID-19 pandemic continues. To stay up to date with the growing expansion and changes in telehealth, be sure to check trusted sources. The following links are resources to trust during the ongoing pandemic:
Patagonia Health is Here to Help
As a trusted Public and Behavioral Health EHR, practice management, and billing solution, we understand the importance of combating the ongoing pandemic of COVID-19. As always, if there’s anything we can do to support you, please reach out to us.
Blog Resources
1 https://www.healthit.gov/topic/health-it-initiatives/telemedicine-and-telehealth