As with conventional medicine, a telehealth and video caregiver must uphold to the same duties to safeguard a patients' medical records and keep their treatments confidential. In addition, storage of electronic documents, pictures, audio/video recordings, etc. must uphold the same precaution and care credited to paper documents.
The issues regarding privacy and confidentiality in the medical field are not necessarily any different in an "electronic" environment. Some patients might feel skeptical about the idea or use ofvideo with its lack of visual prompts or cues. Additionally, fears about the reliability, the technology, and the potential devastation of a loss of their protected health information (PHI) may leave some distrustful of telehealth.
Some of these concerns with technology or services may be addressed through a combination of technical and security measures such as the enforcement of the privacy rule within the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California AB-415, and other items to address below.
Certain video services such as Skype® have known issues with security and privacy - at this time, this particular service fails to offer a business associate agreement (BAA) that "upholds the HIPAA privacy rules" and has failed to receive any HIPAA security certifications. The failure to have HIPAA security measures in place opens the opportunities for HIPAA breaches.
When reviewing telehealth for use in medical environments, things to address are:
- HIPAA Privacy Rules
- Notice of Privacy Practices
- Business Associate Agreement
- California Assembly Bill 415 re: telehealth (AB-415)
Caution and security should be paramount when contemplating any telehealth services.
Authored by
Allan Ridings
Senior Risk Management & Patient Safety Specialist
If you have questions about this article, please contact us. This information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.