Privacy requirements

The Health Insurance Portability and Accountability Act (HIPAA), including its implementing regulations, is an important aspect of all healthcare, including telehealth. Providers who deliver telehealth must comply with the HIPAA Privacy and Security Rules and should also be aware of the unique security risks posed by virtual healthcare technology, which can be vulnerable to outside threats. Thus, it is important for telehealth equipment to encrypt user data; however, there is still a small possibility that even encrypted data could be accessed by unauthorized persons. Patients should be counseled about the limitations of HIPAA, especially when they use a platform on a smartphone, where applications seldom have the same level of encryption as telehealth site equipment used over telehealth networks. Health information that patients store in a personal health record that is not offered through a provider or health plan is not covered by HIPAA.

The HIPAA Security Rule provides technical and nontechnical safeguards that covered entities must follow to protect the security of individually identifiable health information that is stored or transmitted in electronic form. The technical safeguards require covered entities to establish: 

  • access controls (technical policies and procedures that allow only authorized persons to access electronic protected health information, including specifications for encryption)
  • audit controls (hardware, software, and procedural mechanisms to record and examine access and other activity in information systems that contain or use electronic protected health information)
  • integrity controls (policies and procedures to ensure that electronic protected health information is not improperly altered or destroyed)
  • transmission security (technical security measures that guard against unauthorized access to electronic protected health information that is being transmitted over an electronic network)

Additionally, HIPAA outlines physical and administrative safeguards that help protect telehealth. Administrative safeguards include risk analysis, which requires conducting a review to evaluate the likelihood and effect of potential risks to electronic protected health information, as well as the implementation of security measures to address risks identified during the analysis. Physical safeguards include limiting physical access to electronic information systems.