Digital Health 101: OCR Issues Resources To Educate Patients On Telehealth, PHI

Oleh Admin 28 Okt, 2023 Posting Komentar

Background

On October 18, 2023, the Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS) released two background documents that help explain the privacy and security risks of protected patient health information (PHI) when using telemedicine. Services, as well as ways to reduce this risk. In a press release announcing the recommendations, OCR Director Melanie Fontes Rayner noted that "[t]e-health is a great tool that can increase patient access [to health care] and improve [health care] outcomes." "[Healthcare] providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices so patients can be confident their health information will remain private."

These new resources illustrate the growing regulatory trend in the digital health environment to ensure the safety, security, and privacy of patient data (including pixel technology disclosures, artificial intelligence regulations, state and medical board data privacy laws). instructions).

Thoroughly

Resource #1: Overview of Telehealth Risks

By issuing this educational resource based on recommendations in the September 2022 Government Accountability Report (GAO), OCR aims to help healthcare providers explain health information privacy and security risks to patients. When using remote communication technologies such as video conferencing sites and telemedicine programs.

OCR notes that the Privacy, Security, and Breach Notification Rules of the Health Insurance Portability and Accountability Act (HIPAA Rules) do not require health care providers to notify patients of privacy and security risks. However, OCR's educational resources are designed to help providers: 1) explain the privacy and security risks of patient PHI when using telemedicine services and 2) share ways to reduce those risks. This information may also be useful for family members or the patient's personal representative. HHS encourages and reminds service providers to consider inclusive processes when communicating with people with disabilities ( eg , providing helpful resources, using language assistance services, or providing translation of materials).

Educational resources for the discussion offer:

Key technologies used in telehealth and telemedicine
The importance of privacy and security of PHI
Risks and Mitigation Strategies for Sharing, Storing, or Transmitting PHI Using Remote Communication Technologies.
See which communication technology providers are used to provide the Services and their privacy and security policies
The right to file a privacy complaint with OCR under HIPAA.

Resource #2: PHI Security Tips for Patients

OCR's Patient Advisory Resource provides recommendations that patients can implement to protect their privacy, security, and confidentiality when interacting with telemedicine technology , including the following:

Baca Juga

Schedule a telephone meeting in a private location ( such as a private room or in a parked car), use headphones, and do not use loudspeakers.
Turn off nearby electronic devices that may be listening or recording information.
Avoid using computers, mobile devices or networks at work or in public.
Install all available security updates on the computer or mobile device you use to access telemedicine.
Use strong and unique passwords; Do not use the same password for different accounts; And change your password regularly
Lock the home screen when the personal device is not in use
Deleting health data on personal devices
Enable two-step or multi-factor authentication (if available)
Use encryption tools (if available) to secure and protect information so that no one can read it without the required key or password.
Avoid public Wi-Fi networks and USB ports at public charging stations to reduce the risk of cybercrime and potential security vulnerabilities when using public resources.
Ask providers about the telemedicine environment and technology, as well as any devices that may be needed ( such as a headset or screen reader).
If you suspect that the link was sent from your address, contact your doctor.

The Patient Tips resource also provides links to more information on how to protect patient information.

Analysis

While not all telemedicine companies meet the definition of a HIPAA-covered entity, many may act as business associates or otherwise contract to maintain standards equivalent to those promulgated in the HIPAA regulations. While not required to read and follow the OCR guidelines, regardless of HIPAA status, telemedicine providers should: 1) be aware of the best practices and educational information described above, 2) be prepared to answer patient questions about these problems and 3) exercise caution.. Considerations and risks associated with their platforms. Accordingly, OCR's resources may be useful reading for privacy practitioners and others responsible for informing patients about the risks of telehealth services directly or indirectly through websites or patient forms.

Telehealth companies should also be aware of state laws and licensing board guidelines that require providers to disclose certain privacy and security information prior to a telehealth session and/or include technology-related materials ( eg, technical errors) in the consent. potential or inherent risks of virtual travel). In many ways, OCR's resources mirror state-level informed consent requirements. Therefore, now may be a good time for telehealth companies to review their existing policies and consent forms to assess whether any deficiencies need to be addressed.

In addition to maintaining a privacy policy and publishing (if applicable) a HIPAA Notice of Privacy Practices, telemedicine companies should consider creating FAQs or other patient-related materials that help explain privacy, security, and confidentiality issues specific to telemedicine . There are costs involved, especially when sending or storing health information on a computer or mobile device.