In late April 2020, Coker conducted a survey evaluating how healthcare organizations are adopting, implementing, and utilizing telehealth solutions, with particular focus on utilization amidst the COVID-19 pandemic and resulting changes in physician-patient dynamics. Read the Summary of Results, Part 1, and Summary of Results, Part 2 for our detailed observations.
In our recent survey on telehealth, we observed the rapid onset of using non-medical grade screen sharing platforms (Microsoft Teams, Zoom, Skype, etc.) to conduct telehealth visits. Until COVID-19, these platforms were used almost exclusively in a commercial business office setting for conducting meetings with remote employees and clients. It was unthinkable to use these platforms for telemedicine visits pre-COVID because they are not HIPAA compliant. Many people on Capitol Hill started voicing worries because the patient privacy concerns were so significant. On March 31, 2020, Senator Richard Blumenthal sent a letter to Eric Yuan, CEO and Chairman of Zoom, asking for insight into the video conferencing platform’s privacy and security practices because of the drastic increase in its popularity during the COVID-19 pandemic. Shortly thereafter, Zoom released a HIPAA compliant version for purchase.
However, many medical practices are still using the free version which is not HIPAA compliant. These business-grade screen sharing platforms are also missing critical telehealth features and functions such as a privacy notice, a consent notice, and the ability to process documentation or capture and code for a visit. COVID-19 created the need for healthcare providers to respond quickly to patients and these business-grade platforms offered easy access and low cost for healthcare providers. The logic of using these business-grade platforms was understandable. However, now we need to upgrade to a medical-grade telemedicine platform that is fully integrated with an electronic health record (EHR). In response to the national health emergency (COVID-19), the Office for Civil Rights (OCR) is covering healthcare providers who are subject to HIPAA Privacy, Security and Breach Notification Rules (the HIPAA Rules) and may seek to communicate with patients and provide telehealth services through remote communications technologies. Some of these technologies, and the way HIPAA-covered healthcare providers use them, may not fully comply with the requirements of the HIPAA Rules according to this notice:
“Under this Notice, covered health care providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules related to the good faith provision of telehealth during the COVID-19 nationwide public health emergency. Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications. Under this Notice, however, Facebook Live, Twitch, TikTok, and similar video communication applications are public facing, and should not be used in the provision of telehealth by covered health care providers.”
While enforcement of the HIPAA Rules has relaxed in response to COVID-19, patient privacy will continue to be a top priority because it can create significant risk and liability for a medical practice. As medical practices become more comfortable with the concept of telehealth, it is a good time to start looking beyond the business-grade screen sharing platforms and consider a product that has been developed specifically for patient care and fully integrated into the EHR.
Download our free checklist on selecting a medical-grade telehealth platform.