On Oct. 18, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), issued two resource documents to help explain to patients the privacy and security risks to their protected health information (PHI) when using telehealth services and ways to reduce these risks.
The first resource is for health care providers on “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth.” Although health care providers are not required by the HIPAA Rules to provide this education, the resource supports the continued and increased use of telehealth by providing information to help health care providers who choose to discuss telehealth privacy and security with patients. The resource provides suggestions for discussing:
- Telehealth options offered
- Risks to PHI when using remote communications technologies
- Privacy and security practices of remote communication technology vendors
- Applicability of civil rights laws
OCR also issued a resource for patients called “Telehealth Privacy and Security Tips for Patients.” This resource provides recommendations that patients can implement to protect and secure their health information such as:
- Conduct telehealth appointment in a private location
- Turn on multi-factor authentication if available
- Use encryption when available
- Avoid public Wi-Fi networks
“Telehealth is a wonderful tool that can increase patients’ access to health care and improve health care outcomes,” said OCR Director Melanie Fontes Rainer. “Health care providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices so patients are confident that their health information remains private.”
The Guidance on Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth may be found at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/telehealth-privacy-security/index.html.
The Guidance on Telehealth Privacy and Security Tips for Patients may be found at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/resource-health-care-providers-educating-patients/index.html.
HHS has the press release.
