Please Choose Options to Checkout
New ways of communicating through videoconferencing technologies and web-based appointment systems have provided the means for many healthcare operations to continue and flourish. Telemedicine technology provides the means for many medical appointments to be held remotely, safely, and securely. And web-based appointment systems handle a tremendous amount of appointments for vaccines to deal with COVID-19.
While there are available secure services for telemedicine and appointment scheduling, there may be a need to use services that might not meet HIPAA security requirements in order to best meet the needs of patients and public health during the public health emergency. There might not be time to conduct the full information security risk analysis and business associate relationship establishment that would normally be expected.
In order to facilitate the delivery of services and necessary communications during the emergency, the US Department of Health and Human Services has issued guidance relaxing some HIPAA requirements pertaining to teleconferencing tools and appointment scheduling tools, and reiterating HIPAA allowances for communication with family and friends of patients. But it is still necessary to observe the requirements for Privacy and Security of patient information, particularly when sensitive information is discussed. And any implementation of new technology, from telemedicine to appointment scheduling, must be accompanied by an evaluation of the risks and mitigation of security issues.
The COVID-19 Emergency has created new demands on communications, and has made clear the need to provide services remotely to the extent possible, while continuing to protect the privacy and security of health information. Providers need to communicate more, between themselves and with their patients, using remotely provided systems and telehealth systems to enable meetings with both staff and clients.
With the current health emergency and limitations on face-to-face contact in providing services to patients, remote working has been instituted wherever it reasonably can, and the time to implementation of new communication services, such as telemedicine and appointment scheduling, to meet these needs leaves no room for the usual processes of approval and adoption that health care is used to.
Inadequate consideration of new technology can lead to significant penalties in the event of breaches of protected health information.
Areas Covered In The Session:
Social distancing to help prevent the spread of the novel coronavirus is effective, but offices are used to working as teams, face-to-face, and social distancing requires that staff that can work from home does work from home. In addition, patient care has typically required a face-to-face encounter, which can cause the spread of the virus in the process, and as infected individuals travel to and from appointments. It is essential to be able to work from home while protecting privacy and security and provide telemedicine services in order to reach the most individuals without risking harm.
Delivering COVID-19 vaccinations to thousands and millions of people requires a massive effort in scheduling the vaccinations, so as to help deliver vaccine to the most people while providing the physical distancing necessary to help prevent the spread of disease. Scheduling systems that can handle the deluge of requests for appointments may not strictly meet all HIPAA requirements, but may be necessary to get the job done in the emergency.
HIPAA calls for adequate consideration of privacy and security for patient information, considering administrative, technical, and physical security, and working from home impacts all of those safeguards. HIPAA regulations put controls on the appropriate technologies to use for communications, and can require that a Business Associate relationship be established when using any services that involve any persistence of custody of Protected Health Information, such as some communications and videoconferencing technologies and healthcare scheduling systems. Violations of HIPAA rules can lead to penalties in the millions of dollars. In addition, regulations on mental health, and on Substance Use Disorders in particular, are very strict and must be considered in addition to HIPAA.
HHS has announced the relaxation of enforcement pertaining to the use of teleconferencing technologies to provide remote medical services, allowing the use of such services to expand quickly, but limits on “public-facing” conferencing technologies remain. Likewise, a relaxation during the emergency has been announced for enforcing Security Rule compliance with vaccination site scheduling tools. Providers need to adopt the necessary technologies without fear of HIPAA violation enforcement actions during the COVID-19 Emergency and must understand the limits of what is permitted in order to best serve patients and their families.
During the COVID-19 health emergency, business-grade teleconferencing technologies have stepped in to fill the gap in Telemedicine services, and business-grade appointment scheduling systems are helping to meet the needs of vaccination services. HHS has recognized that such communication services, even while not necessarily meeting the letter of HIPAA regulations, can be used in a secure and reasonable way during the emergency, and has provided guidance to that effect. Commonly-used applications like FaceTime, Skype, and Zoom, that are not public-facing in their operation, may be used, but public-facing apps such as FaceTime Live or a chat room in Slack are not appropriate. This session will explain the difference between public- and non-public-facing services, what should be done in using the permitted services, and what must be done once the emergency is over and the relaxation of enforcement ends.
Issues of Physical Security for staff and their computing devices will be discussed, as well as requirements for the proper consideration of technical security and encryption for portable devices. The use of Risk Analysis as a tool to assist in the secure, compliant implementation of communication technology will be presented.
This session will discuss the issues surrounding the use of various communication technologies under HIPAA controls, and the recent guidance and declarations from HHS about HIPAA and the response to COVID-19.
- HIPAA Requirements for Secure Communications such as Telemedicine
- Different Types of Teleconferencing Security and HIPAA Compliance
- Web-based Appointment Scheduling and HIPAA Security
- Security Requirements that have Enforcement Discretion During the Pandemic
- Business Associate Requirements and Risk Analysis
- Making Telemedicine and Appointment Scheduling Routine and Secure
- Ensuring Good Practices After the Public Health Emergency
|Other Related Webinars:|
Who Should Attend:
- HIPAA Privacy Officers
- HIPAA Security Officers
- Information Security Officers
- Risk Managers
- Compliance Officers
- Privacy Officers
- Health Information Managers
- Information Technology Managers
- Information Systems Managers
- Medical Office Managers
- Chief Financial Officers
- Systems Managers
- Chief Information Officer
- Healthcare Counsel/lawyer
- Operations Directors
About the Presenter:
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Jim Sheldon-Dean has more than 36 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
You will receive an email with login information and handouts (presentation slides) that you can print and share to all participants at your location.
Operating System: Windows any version preferably above Windows Vista & Mac any version above OS X 10.6
Internet Speed: Preferably above 1 MBPS
Headset: Any decent headset and microphone which can be used to talk and hear clearly
Can’t Listen Live?
No problem. You can get access to On-Demand webinar. Use it as a training tool at your convenience.
For more information you can reach out to below contact:
Toll-Free No: 1-302-444-0162