The U.S. Department of Health and Human Services Office of Civil Rights has released two new patient privacy resources that healthcare organizations can use to educate patients about reducing their risk of having their protected health information compromised when using telemedicine technologies.
WHY IT MATTERS
The tips and resources offered on the HIPAA website are below Educate patients about privacy and security risks to protected health information when using remote communication technologies for telehealth – as recommended by the Government Accountability Office – explain how patients can maintain their privacy when having a virtual appointment at home and in public when accessing telehealth through a website, app or patient portal.
“Ensuring the privacy and security of PHI can help promote more effective communication between the provider and the patient, which is important for quality care,” OCR said.
The resource discusses how healthcare providers can explain what telehealth is, what remote communication technologies they will use in their planned telehealth session, the names of remote communication technology providers, how to find their websites, and what the inherent privacy risks are.
“Turn off devices like home security cameras and smart speakers or apps on your phone that respond to your voice so they don’t listen in on or record your telehealth appointment,” OCR advises patients.
Turning off nearby electronic devices that could eavesdrop on or record information is just one of the tips the agency charged with investigating patient data breaches is offering to telehealth patients.
Other high-level tips, with further explanations and resources, include:
- Make your telehealth appointment at a private location.
- Use a personal computer or mobile device – not a computer, mobile device or network connected to your workplace or a public environment.
- Install all available security updates on your computer or mobile device.
- Use strong, unique passwords and change your passwords regularly.
- Delete health information from your computer or mobile device when you no longer need it.
- Delete health information (including photos or videos) from your computer or mobile device.
- Enable two-step or multi-factor authentication, if available.
- Use encryption tools if available.
- Avoid using public Wi-Fi networks, such as in coffee shops or airports, and any USB ports at public charging stations.
Included in OCR’s accompanying handout – Telehealth privacy and security tips for patients – the tips can be shared directly with patients.
THE BIG TREND
Telehealth increases cyber risk to applications and endpoint security and challenges healthcare organizations in their efforts to comply with HIPAA.
With the feverish trend among cybercriminals to exfiltrate data, dozens of healthcare leaders are considering how healthcare systems can better protect patient privacy, and all the options to do so.
Dr. Eric Liederman, director of medical informatics for The Permanente Medical Group, says healthcare organizations must “convince our patients and our staff that we are protecting them.”
Adding patient education on basic cyber hygiene related to telehealth can be part of an organization’s endpoint security program.
ON THE RECORD
“Healthcare providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices so that patients can trust that their health information remains private,” OCR Director Melanie Fontes Rainer said in a statement.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.