With social distancing measures in place to combat the COVID-19 virus, healthcare providers are rethinking how they deliver patient care. Many routine visits have been canceled indefinitely, but other appointments—follow-up visits after surgery or mental health checkups, for example—are time-sensitive. Many offices are advising patients not to physically come into the office if they think they might have the coronavirus in an effort to stop the spread. To ensure patients get the right care when they need it most, more doctors have turned to telehealth.
It's true that though voice and video conferencing are convenient, both patients and providers are new to this approach to healthcare and the technology that makes it possible. Many worry whether personal data shared on a video call will stay confidential and be secure. They also may be concerned about how the federal government's HIPAA rules apply to telehealth. In fact, additional guidance was recently published in the form of FAQs to help providers maintain access to care during the pandemic.
Telemedicine technology can help healthcare providers lower the risk of infection and flatten the curve, but it has to be reliable and easy-to-use. With a voice and video conferencing solution that's certified HIPAA-compliant, like MiCloud Connect, they can ensure each and every doctor-patient communication is both personal and secure.
Voice and video conferencing: Improved patient care during COVID
Though electronic communications in patient care have become commonplace, they've been limited to emails and text messages delivered through protected portals. Video was primarily used by hospitals or other facilities. For instance, a stroke victim in one hospital could be "seen" by a neurologist sitting in an office 10 miles away. But as the coronavirus is forcing patients to stay at home, the demand for remote health services has surged. Fortunately, communications and collaboration tools have evolved and become more widely available, so healthcare professionals everywhere now have an opportunity to take advantage of the full power of telemedicine.
Imagine getting a call from a patient who suspects they have the coronavirus. Instead of asking them to come to your office, you ask your nurse practitioner to conduct a televisit. She'll review the patient's symptoms and decide whether they should stay home or go to a testing facility. Voice and video conferencing is an opportunity to triage and keep contagious patients isolated. Not only do your patients receive faster care, they avoid traveling to your office and sitting in the waiting room, possibly infecting others—including your staff.
Further, as more patients use health mobile apps, they'll be able to send medical information such as vital signs directly to your office to help with diagnosis. In the future, Internet of Things (IoT) devices will expand this type of data transfer, providing healthcare professionals with just-in-time, accurate information. When this data is combined with a video consultation, physicians will be able to deliver better care to more patients. Remote care can extend well beyond COVID-19, enabling doctors to provide guidance on a myriad of conditions and illnesses.
Learn More About Our HIPAA-Compliant Phone Systems And Collaboration Tools For Healthcare >
How HIPAA impacts patient-provider communications
The goal of the Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, is to ensure the security and confidentiality of personal health information. Healthcare providers must ask patients for explicit permission that covers who may or may not see their medical records. But what does HIPAA have to say about patient-provider communication when using collaboration tools like video and voice conferencing? The answer to this question has become a hot topic as patients sit on hold for hours for a telemedicine consult.
In short, the rules are the same as they in other healthcare communications. The patient must give permission for providers to communicate via electronic means, and only those authorized should have access to this electronic personal health information (ePHI). Consequently, any technology used to support patient-provider communication needs to be certified HIPAA-compliant, with the data protected at all levels. If the ePHI is stored by a third party—like a business VoIP provider—they must enter into a Business Associate Agreement (BAA) with the healthcare organization and demonstrate exactly how they protect information.
Many patients might ask, why can't I just use FaceTime or Skype to communicate with my doctor? The answer: These services can't ensure the safety of their data. By working only with vendors who are certified HIPAA-compliant, healthcare providers ensure patient information—including video, images and files—meet the regulation's requirements. It's important to note that the recent FAQs issued by the U.S. Department of Health and Human Services (HHS) say they won't penalize providers for using popular video chat applications such as FaceTime to provide telehealth services during the pandemic in good faith. However, the use of live streaming applications such as Facebook Live, is still prohibited.
Learn more > A Vendor's Prescription for HIPAA Security and Compliance
How to Safeguard Patient-Provider Communications
- Patient consent. Before using voice or video conferencing for patient-provider communications, receive permission from the patient to do so and document their approval in their medical record. Your technology vendor should be able to support this via your electronic record system.
- Consult in private. Just as with in-person consultations, providers should be sure that, while they're communicating via phone or video, unauthorized individuals aren't able to hear the conversation. Privacy restrictions are just as important amidst the COVID-19 pandemic. Find an office with a door where you can hold the conversation privately.
- HIPAA-compliant technology. HHS has specific guidelines that third-party BAAs must adhere to in order for their technology to be certified as HIPAA-compliant. There should be multi-layer security frameworks with physical, technical and administrative safeguards in place. While some restrictions have been eased during the pandemic, this is temporary and it's always safer and more secure to use a compliant vendor.
- Monitor. In order to prevent data breaches, it's essential to monitor all communications containing ePHI. Make sure your business VoIP vendor has a system in place to catch problems as soon as they arise.
- Keeping data safe. Because ePHI data is so important, its encryption is necessary to prevent breaches of privacy. Business VoIP vendors must also have robust backup and data recovery systems. Don't hesitate to ask any potential vendor what plan they have in place to protect and recover your data if an emergency occurs. Also, ask what systems they use to identify potential threats.
- Centrally issued usernames and passwords. A secure voice and video conferencing solution vets any user by controlling usernames and passwords. In this way, no one without the appropriate authorization can view patient records.
- Automatic log off. The technology must also have an automatic log-off feature so computers disconnect if the system isn't used for a certain period of time. That helps prevent unauthorized users from gaining access to ePHI.
With the COVID-19 pandemic, telemedicine has taken off. The tools are available to support this major shift in healthcare delivery. A voice and video conferencing solution that is certified HIPAA-compliant will enable patients and healthcare providers to easily and safely connect.