Grimm Discusses Telehealth Best Practices, HIPAA Compliance, and Patient Education

Douglas said that telehealth best practices are straightforward principles that should align with existing efforts to comply with HIPAA regulations.

“Some of this is straightforward, which is a good thing because it emphasizes privacy and security measures that are important,” he said. “When a patient enters into a conversation with a physician, either the patient’s guard may be way up or maybe their guard goes down a little bit, just depending upon stress levels or the pre-existing relationship with the provider. But ensuring that the provider reiterates the information laid out in the OCR [Office for Civil Rights] guidance level sets.”

Douglas suggested that while healthcare providers should adhere to the guidelines, it's evident that the OCR is closely monitoring HIPAA compliance as telehealth technologies become increasingly advanced and widely used.

“There are going to be more lapses,” he said. “Unfortunately, that’s just inevitable with the growing patient volumes and speed of telehealth implementation.”

Douglas commended the OCR's initiative to encourage patient education about the technology and its provider. He emphasized that healthcare providers have a responsibility to clarify ownership of the technology and provide a point of contact for patients with inquiries about it.

“I like to see that emphasis out front. In previous guidance, I don’t think that point has been emphasized as clearly as it was in this recent guidance,” Douglas said. “The other thing I also appreciated was informing the patient of the schedule for future communications by the providers. I appreciate OCR’s guidance that a provider should make sure the patient understands how they would be contacted by the telehealth technology vendor and in what time frame. If I received an unsolicited email from a vendor, my initial instinct would be to simply disregard it.”

Read the full article here.