Privacy rule

As more providers begin to offer telehealth services, it is important that the HIPAA Privacy Rule and other regulations are still followed. Telehealth presents its own unique set of challenges when it comes to HIPAA because it allows healthcare providers to consult patients from anywhere just as it allows patients to be anywhere while receiving their check-ups. This presents privacy concerns because either party may not be in a secure area and they may not be using secure devices which is. This article will go over the HIPAA Privacy Rule.

What is telehealth?

Telehealth is the use of electronic information and telecommunications technology to support, facilitate and promote long-distance healthcare, patient and professional health-related education, public health and health administration. Telehealth and telemedicine providers are HIPAA-covered entities. The term telehealth is broader than “telemedicine.” Telemedicine is defined as the remote diagnosis and treatment of patients using telecommunications technology. Telemedicine is limited to the practice of medicine, while telehealth covers the entire spectrum of healthcare activities and components.

What are telehealth technologies?

  • Video chat: Live video chat features a two-way video conversation between a healthcare provider and patient.
  • Store-and-forward transmission: Store-and-forward transmission consists of transmission of a recorded health history to a health practitioner, usually a specialist.
  • Mobile health apps: Mobile health apps provide health care and public health information through mobile devices such as smartphones or tablets. The information may include general educational information, targeted texts, and notifications about disease outbreaks.
  • Remote patient monitoring (RPM): Remote patient monitoring is the use of connected electronic tools to record personal health and medical data in one location for review by a provider in another location, usually at a different time.

What is HIPAA for telehealth?

HIPAA for telehealth is not a unique legal concept. Telehealth does not alter, change or modify a healthcare entity’s obligations to follow the HIPAA Security Rule, the HIPAA Privacy Rule, the HIPAA Breach Notification Rule or the HIPAA Omnibus Rule. HIPAA does not contain a provision devoted specifically to telehealth. But if a covered entity is using telehealth that involves protected health information, the entity must meet the same HIPAA requirements that it would need to meet if the services were provided in person.

What is the HIPAA Privacy Rule?

Generally, a business associate is a person or organization, other than a member of a covered entity’s workforce, that performs certain duties or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of protected health information (PHI). Telehealth practices, which are covered entities, frequently require that a telehealth provider use the services of a business associate. Information technology companies commonly perform functions for or provide services to covered entities.

If these services involve access by the business associate to protected health information, the HIPAA Privacy Rule comes into play. Under the HIPAA Privacy Rule, a covered entity may disclose protected health information to a business associate and may allow that business associate to create, receive, maintain or transmit protected health information on its behalf, but only if the covered entity receives satisfactory assurances that the business associate will take appropriate safeguards with the protected health information.

The Privacy Rule protects the protected health information and medical records of individuals, with limits and conditions on the various uses and disclosures that can and cannot be made without prior patient authorization. The HIPAA Privacy Rule also gives every patient the right to inspect and receive a copy of their records and ask for corrections to their medical file. It’s important to know that there are specific forms that coincide with this rule: Request of Access to Protected Health Information (PHI); Notice of Privacy Practices (NPP) Form; Request for Accounting Disclosures Form; Request for Restriction of Patient Health Care Information; Authorization for Use or Disclosure Form; and the Privacy Complaint Form.

Understanding the HIPAA Privacy Rule and all HIPAA rules and regulations is vital for healthcare providers that are making the switch to telehealth. We offer a HIPAA course where you can learn everything from privacy laws and security risks to safeguards and more in one convenient place online. For more information, please don’t hesitate to get in contact with us today.

Learn more about telehealth by exploring articles online or take our free courses at Telehealthist.com.