In telemedicine, HIPAA compliance is essential
How easily HIPAA can be considered breached or violated
HIPAA can be considered breached or violated in multiple ways. When practicing telemedicine, vigilance in HIPAA compliance is essential. The HIPAA Security Rule sets standards for ensuring that patients' data is secure. These standards apply to data that is stored and data that is transferred electronically. Commercial video conferencing platforms are not held to the same standards. They may lack encryption and other important security features. Patient data such as electronic medical files, images, and videos are key features of telehealth video conferencing. This data requires the same assurance of protection as patient information collected and used during in-person visits.
Only a HIPAA-compliant telemedicine service can guarantee teleconferencing with this necessary level of security.
How easily HIPAA can be considered breached or violated:
- If the HIPAA Security Rule is not followed, you may be subject to large fines, lawsuits, and potential jail time
- There are many little things that could potentially create a large issue
- Physicians are able to sign notes and have access to everything
- NP can’t change certain notes or alter or destroy protected health information
- How this applies and works with clinics and other facilities
- Showing providers and healthcare organizations how committed HIPAA Video is to helping their practices maintain HIPAA compliance and not risking malpractice lawsuits, breaches, or violations
- Recommendation: Requirement for the password to be changed every three months
- Have something that states the importance of how the HIPAA Security Rule relates to passwords
- Who has access to and can log in to the account?
- Who has access to passwords?
- What if a device becomes lost or stolen?
- All of this data can be breached
- Not saving the password with auto-save, which allows logging in without typing out the information
- Secured workstations
- Any device
- Cellphone, personal laptop, desktop, etc.
- Opens a window to a security breach
- Right now this is not secure
- Secure lock screen:
- Corner of the screen (click it)
- Then re-click button when back to the workstation (lobby)
- Type in a PIN, passcode, facial recognition, Google push duo
- Integrity Controls
- In order to maintain the integrity of patient records, health data should not be destroyed or altered in any unauthorized way
- E.g., the patient complained to the doctor of chest pains; the doctor prescribed medicine, and it was the wrong prescription. The patient passed away, and the family files a lawsuit.
- Dr. can edit notes
- They are not signed
- How are they being signed?
- Are they time stamped?
- Access controls
- End-to-end encryption
- Two-step authentication
- Biometrics, facial recognition, codes
- The use of a certified electronic health record technology (CEHRT) does not mean the practice or organization is in compliance with HIPAA
- Security functions in CEHRT may be turned off, which can create vulnerabilities
- These can run counter to the Privacy and Security Rule
- Promote the use of anti-virus
- Promote using passwords different from those commonly used by the provider