HIPAA’s telemedicine Privacy Rule guidelines have been established for medical professionals providing remote telehealth services to patients. It provides a roadmap to medical professionals for a safe, secure teleconsultation.
HIPAA’s acceptance of communicating electronically protected health information (EPHI) at distance. Many medical professionals believe they are following HIPAA guidelines when EPHI at distance communication is solely between the patient and the physician. Ensuring direct, secure communication between the patient and the physician is vital. However, the channel on which the communication is being transmitted must also be secure. Especially if the healthcare organization and medical professional aim to comply with HIPAA’s telemedicine guidelines.
The guidelines include:
- Authorized users are the only individuals who should be able to access EPHI—this is a reasonable safeguard to prevent unauthorized parties from accessing EPHI
- Preventing malicious or accidental breaches requires the implementation of a system to monitor EPHI communications—mechanisms that can monitor and remotely delete EPHI data must be installed
- Protecting the integrity of EPHI requires implementing a system of secure communication—insecure channels of communication include Skype, email, and SMS. According to HIPAA, none of these are acceptable for communicating EPHI at distance