When cybersecurity threats are evolving at an unprecedented pace, healthcare practitioners and their employers can no longer afford to remain complacent; the latest advisories from leading cybersecurity experts and policymakers serve as a clarion call for immediate action related to telehealth privacy. The most relevant of these advisories to telehealth practitioners is the release of two essential resource documents by the Office for Civil Rights (OCR) within the US Department of Health and Human Services (HHS). They guide healthcare providers and patients to effectively navigate the growing complexities of telehealth privacy and security, particularly in the context of Protected Health Information (PHI). These documents are intended to augment the National Security Strategy released in March. Simultaneously, Telehealth.org has launched a specialized course on cybersecurity for healthcare providers, amplifying and focusing these efforts on the needs and resources of most relevance to the behavioral telehealth community in particular.
For Healthcare Providers: A Multidimensional Framework
The first HHS resource tailored for healthcare providers is “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth.” Although the title is a mouthful and compliance with HIPAA does not directly mandate patient education, a client’s understanding of privacy measures is foundational to establishing and maintaining privacy. The document is an up-to-date and easy-to-understand guide for providers to share and discuss with clients and patients if and when appropriate.
The document’s focus areas include:
Available telehealth options for patients
Potential PHI risks associated with remote communication technologies
Privacy and security protocols of remote communication technology vendors
Applicability of civil rights laws in the telehealth milieu.
Telehealth.org’s Cybersecurity Course for Providers
To complement this guidance, Telehealth.org offers a carefully designed course on cybersecurity for healthcare providers. The course reflects the current state of affairs concerning cybersecurity for behavioral practitioners. It delves into effective cybersecurity protocols, regulatory compliance, and best practices to safeguard providers and patients in the telehealth ecosystem. See details here.
For Patients: Empowering Through Information
The second HHS document, designed for patients and available at no cost, is termed “Telehealth Privacy and Security Tips for Patients.” It offers practical measures that patients can employ to protect their PHI during telehealth consultations, such as:
Ensuring a private setting for telehealth appointments
Enabling multi-factor authentication options
Using encryption technologies
Avoiding public Wi-Fi for telehealth interactions.
Links to Resources
The commitment to secure telehealth doesn’t end here. The HHS regularly updates its official portal with fresh resources, FAQs, and compliance tools for healthcare providers and patients.
The Guidance for Healthcare Providers can be accessed here.
The Guidance for Patients is available for review here.
Conclusion
The guidance documents from the HHS and the specialized cybersecurity course from Telehealth.org collectively serve as cornerstone resources in the commitment to ethical and secure telehealth practices. This is especially relevant for healthcare providers and patients within the behavioral health sector. By equipping yourself and your patients with this knowledge, you are taking an essential step towards a safer, more secure telehealth privacy experience.
HIPAA Compliant Cybersecurity for Professionals
Must-know information about how to protect your telehealth practice