As a mental health services provider, you want to provide the best care you can for your patients and sometimes that means going the extra mile. And so you adjust your hours, meet on location and delve into treatment options like telehealth. But as you pursue this new technology, are you sure you’ve done so in accordance with HIPAA guidelines?
The new identity threat
Whether for work or for play, millions of Americans across the country have embraced video conferencing. As we’ve shifted to this form of communication, identity thieves and hackers have followed suit.
In the healthcare industry, this is especially troubling, because healthcare data harvested in cyberattacks is highly lucrative on the dark web, more so even than financial information. Reports show medical data can fetch as much as 10 times the value of other information.
For the healthcare providers that possess this valuable information, this puts their teleconferencing sessions directly in the crosshairs, and not all teleconferencing solutions are fit to provide the next level of protection telehealth sessions require.
So how do you know if your digital solution is up to the task? Compare your provider against these essential HIPAA guidelines.
Business associate agreement
This is the most important clause when considering a provider for telehealth services. The HIPAA Omnibus Rule requires any communications provider engaged in the transmission or reception of personal health information to take part in a business associate agreement (BAA). The BAA shields a person’s PHI from being improperly disseminated, and companies refusing to sign a BAA are therefore out of compliance with HIPAA. Larger providers like Skype have not signed such an agreement, so research your provider’s stance on this issue before engaging in any sessions.
Up to speed
Federal guidelines require any provider that transmits PHI to do so with an encryption level of at least 128 bits. As technology continues to improve, this level of encryption becomes more and more accessible, and checking what your provider offers is a quick and easy task.
Audits and security protection
Under the aptly named HIPAA Security Rules, HIPAA-approved providers must provide audit controls that allow for the review and monitoring of any and all parties that have gained access to individual examples of PHI. This same control network must also provide all applicable parties notice of any breach so security measures can be taken as quickly as possible.
Finding the right provider for you
- Signal: A free app that offers encrypted messaging and video systems, Signal is safe and easy to use. You can find step-by-step instructions for conducting your first session with the Signal app here.
- VSee: Any app that satisfies the guidelines put forth by the National Institute of Standards and Technology is certainly appealing. VSee also enjoys widespread use in numerous government agencies, furthering its reputation as a safe and secure option.
- Doxy.me: While it doesn’t have a security level sufficient to meet the guidelines of the National Institute of Standards and Technology, Doxy.me still has plenty to like. Small businesses and solo practices can use the base version for free, while larger practices can take advantage of the perks available in the paid alternative.
Any of these apps can be a useful tool, not only to support your behavioral health practice’s telehealth offerings but to ensure your HIPAA compliance. Add one to your portfolio today and you can return to serving your patients in the manner that best works for them and your practice.