{"id":21641,"date":"2020-04-07T12:16:46","date_gmt":"2020-04-07T17:16:46","guid":{"rendered":"https:\/\/osteopathic.org\/?page_id=21641"},"modified":"2020-04-10T13:40:17","modified_gmt":"2020-04-10T18:40:17","slug":"navigating-hipaa-and-telemedicine-during-covid-19","status":"publish","type":"page","link":"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/","title":{"rendered":"Webinar: Telemedicine &#038; HIPAA"},"content":{"rendered":"<p>The AOA webinar below, featuring Lee Hamil Little, JD &amp; Brian Tuttle, CPHIT, CPA, CHA, CBRA, CISSP, was recorded on April 6, 2020.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/bMk3gJcGQTE\" width=\"660\" height=\"400\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><span data-mce-type=\"bookmark\" style=\"display: inline-block; width: 0px; overflow: hidden; line-height: 0;\" class=\"mce_SELRES_start\">\ufeff<\/span><span data-mce-type=\"bookmark\" style=\"display: inline-block; width: 0px; overflow: hidden; line-height: 0;\" class=\"mce_SELRES_start\">\ufeff<\/span><\/iframe><\/p>\n<p>View <a href=\"https:\/\/osteopathic.org\/wp-content\/uploads\/HIPAA-and-COVID19.ppt-Little-Tuttle-4-6-2020.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">slides<\/a> for this webinar, or view a summary below. To register for CME, please visit <a href=\"https:\/\/aoaonlinelearning.osteopathic.org\/course\/info.php?id=311\" target=\"_blank\" rel=\"noopener noreferrer\">AOA Online Learning<\/a>.<\/p>\n<h3>HIPAA waiver announcement<\/h3>\n<p>Last month,\u00a0<a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/hipaa-and-covid-19-limited-hipaa-waiver-bulletin-508.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">HHS announced<\/a>\u00a0a limited waiver of HIPAA sanctions and penalties during COVID-19.<\/p>\n<p>The waived sanctions and penalties, effective March 15, include those for failing to obtain a patient\u2019s agreement before speaking with family members or friends involved in their care and failing to distribute a notice of privacy practices, among others. In addition, physicians practicing telemedicine are now effectively permitted to use popular software such as FaceTime and Skype to conduct virtual patient visits.<\/p>\n<p>For more detailed information on how HIPAA privacy disclosures are permitted under emergency situations, please read pages 17-23\u00a0<a href=\"https:\/\/thedo.osteopathic.org\/wp-content\/uploads\/2020\/04\/HIPAA-and-COVID19.ppt-Little-Tuttle-4-6-2020.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">in the slides<\/a>\u00a0that accompanied this webinar.<\/p>\n<h3>Frequently asked questions<\/h3>\n<p><strong>What disclosures are we permitted to make to public authorities relating to COVID-19 cases?<\/strong><\/p>\n<ul>\n<li>Physicians may disclose PHI about suspected COVID-19 patients to public health authorities that are authorized by law to receive it, based on the \u201cminimum necessary\u201d standard. Some states require these disclosures.<\/li>\n<\/ul>\n<p><strong>What about responding to the media?<\/strong><\/p>\n<ul>\n<li>Disclosures to the media are not permitted unless authorization is provided by the patient. However, physicians can share de-identified information such as the number of patients being treated.<\/li>\n<\/ul>\n<p><strong>What about the risks of internal staff access?<\/strong><\/p>\n<ul>\n<li>Staff are not permitted to access patient records unless it is necessary for their job.<\/li>\n<li>Physicians should make sure their staff are aware that everything done within an EHR system is tracked.<\/li>\n<li>Audit logs must be reviewed periodically by the appointed HIPAA Security Officer or other designee.<\/li>\n<\/ul>\n<h3>Impact on telemedicine<\/h3>\n<p>Following the\u00a0<em>good faith<\/em>\u00a0provision of HIPAA Rules on telehealth, as of March 17 and throughout the COVID-19 pandemic, there will be no OCR-imposed penalties for HIPAA noncompliance.<\/p>\n<p>What does\u00a0<em>good faith<\/em>\u00a0mean?<\/p>\n<ul>\n<li>From OCR: \u201cA covered health care provider that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency can use any\u00a0<em>non-public<\/em>\u00a0facing remote communication product that is available to communicate with patients.\u201d<\/li>\n<li>Example: a physician exercising their professional judgement may examine a patient via a video chat application.<\/li>\n<\/ul>\n<p>What is a\u00a0<em>non-public facing<\/em>\u00a0remote communication product?<\/p>\n<ul>\n<li>These include Apple FaceTime, Facebook Messenger video chat, Google Hangouts video and Skype (a list of other accepted technologies can be found on page 39 of the slide deck).<\/li>\n<li>Facebook Live, Twitch, TikTok, and similar video communication applications\u00a0<em>are<\/em>\u00a0public facing and should not be used in the provision of telehealth by covered health care providers.<\/li>\n<\/ul>\n<h3>Countering the risks of telemedicine<\/h3>\n<p>Little and Tuttle recommend putting a telecommuting policy in place at your office, emphasizing the following points:<\/p>\n<ul>\n<li>Protecting protected health information (PHI), electronic protected health information (EPHI) and the other confidential information is every employee\u2019s responsibility.<\/li>\n<li>Any practice or patient-related materials taken to the remote work area should be maintained in your designated remote work area and not be made accessible to others.<\/li>\n<li>All confidential information, including PHI and EPHI, will only be accessed through and stored within the practice\u2019s internal network or cloud-hosted electronic health records (EHR) system.<\/li>\n<li>Additionally, keep your voice low when speaking to a patient, and don\u2019t use speaker phones.<\/li>\n<li>Do not copy or store protected health information on home computers or laptops.<\/li>\n<li>Ensure any wireless use is encrypted by avoiding public WiFi and making sure any portable laptop which maintains PHI is fully encrypted. If that\u2019s not possible, file or folder-level encryption should be used.<\/li>\n<li>If you are not able to access a network drive or EHR system, but have the need to save files locally to the computer, notify the HIPAA Security Official or practice manager to discuss available options.<\/li>\n<li>Encryption must be used when transmitting PHI where possible.\n<ul>\n<li>If a patient requests their information be sent via non-encrypted means, such as texting, they should acknowledge the risk of this type of transmission and opt in.<\/li>\n<li>Texting of PHI among staff members should never be done without encryption.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Beware of hackers<\/h3>\n<p>Unfortunately, hackers have taken advantage of this pandemic. Their risks are low and their rewards are high. To make sure your office is prepared, educate all staff members on common-sense cybersecurity measures and how hackers leverage spoof emails.<\/p>\n<p>Be aware of ransomware, a type of virus that comes through emails that attacks databases and folders on your computers and requires you to pay a hacker in bitcoin for an encryption key. The OCR classifies ransomware attacks on non-encrypted folders with health information in them as HIPAA breaches. Safe Harbor may apply if a folder is encrypted and hacked anyway.<\/p>\n<h3>Legal ground<\/h3>\n<p>There is no private cause of action allowed to an individual to sue for a violation of the federal HIPAA or any of its regulations, Little and Tuttle note. This means you do not have a right to sue based on a violation of HIPAA by itself.<\/p>\n<p>Nonetheless, physicians must stay diligent. If you are negligent and do not meet \u201cgood faith\u201d requirements, you can be held accountable for civil violations of state negligence laws. Cases of these violations are creating precedence.<\/p>\n<p>If a HIPAA violation resulted in damages, meaning a patient suffered some kind of verifiable financial loss, slander or defamation, they may have a\u00a0<a href=\"https:\/\/www.injuryclaimcoach.com\/civil-litigation-process.html\" target=\"_blank\" rel=\"noopener noreferrer\">civil claim<\/a>\u00a0against the individual who violated their HIPAA rights.<\/p>\n<h3>Resources<\/h3>\n<p class=\"page-title\"><span class=\"field field--name-title field--type-string field--label-hidden\"><a href=\"https:\/\/www.healthit.gov\/topic\/privacy-security-and-hipaa\/security-risk-assessment-tool\" target=\"_blank\" rel=\"noopener noreferrer\">Security Risk Assessment Tool<\/a>\u00a0from HealthIT.gov.<\/span><\/p>\n<p><a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/hipaa-simplification-201303.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">HIPAA Administrative Simplification<\/a>\u00a0from HHS.<\/p>\n<p>If you are audited by HIPAA,\u00a0<a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/compliance-enforcement\/audit\/protocol\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">this is their protocol<\/a>.<\/p>\n<p>When in doubt, always fact check with HHS, and always check their information against your state\u2019s laws.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The AOA webinar below, featuring Lee Hamil Little, JD &amp; Brian Tuttle, CPHIT, CPA, CHA, CBRA, CISSP, was recorded on April 6, 2020. \ufeff\ufeff View slides for this webinar, or view a summary below. To register for CME, please visit AOA Online Learning. HIPAA waiver announcement Last month,\u00a0HHS announced\u00a0a limited waiver of HIPAA sanctions and &hellip; <a href=\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/\" class=\"readmore\">Read More<\/a><\/p>\n","protected":false},"author":30513,"featured_media":0,"parent":21484,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v21.4) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Webinar: Telemedicine &amp; HIPAA - American Osteopathic Association<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Webinar: Telemedicine &amp; HIPAA\" \/>\n<meta property=\"og:description\" content=\"The AOA webinar below, featuring Lee Hamil Little, JD &amp; Brian Tuttle, CPHIT, CPA, CHA, CBRA, CISSP, was recorded on April 6, 2020. \ufeff\ufeff View slides for this webinar, or view a summary below. To register for CME, please visit AOA Online Learning. HIPAA waiver announcement Last month,\u00a0HHS announced\u00a0a limited waiver of HIPAA sanctions and &hellip; Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/\" \/>\n<meta property=\"og:site_name\" content=\"American Osteopathic Association\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-10T18:40:17+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/\",\"url\":\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/\",\"name\":\"Webinar: Telemedicine & HIPAA - American Osteopathic Association\",\"isPartOf\":{\"@id\":\"https:\/\/osteopathic.org\/#website\"},\"datePublished\":\"2020-04-07T17:16:46+00:00\",\"dateModified\":\"2020-04-10T18:40:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/osteopathic.org\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Practicing Medicine\",\"item\":\"https:\/\/osteopathic.org\/practicing-medicine\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Telemedicine\",\"item\":\"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Webinar: Telemedicine &#038; HIPAA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/osteopathic.org\/#website\",\"url\":\"https:\/\/osteopathic.org\/\",\"name\":\"American Osteopathic Association\",\"description\":\"Advancing the distinctive philosophy and practice of osteopathic medicine\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/osteopathic.org\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Webinar: Telemedicine & HIPAA - American Osteopathic Association","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/","og_locale":"en_US","og_type":"article","og_title":"Webinar: Telemedicine & HIPAA","og_description":"The AOA webinar below, featuring Lee Hamil Little, JD &amp; Brian Tuttle, CPHIT, CPA, CHA, CBRA, CISSP, was recorded on April 6, 2020. \ufeff\ufeff View slides for this webinar, or view a summary below. To register for CME, please visit AOA Online Learning. HIPAA waiver announcement Last month,\u00a0HHS announced\u00a0a limited waiver of HIPAA sanctions and &hellip; Read More","og_url":"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/","og_site_name":"American Osteopathic Association","article_modified_time":"2020-04-10T18:40:17+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/","url":"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/","name":"Webinar: Telemedicine & HIPAA - American Osteopathic Association","isPartOf":{"@id":"https:\/\/osteopathic.org\/#website"},"datePublished":"2020-04-07T17:16:46+00:00","dateModified":"2020-04-10T18:40:17+00:00","breadcrumb":{"@id":"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/navigating-hipaa-and-telemedicine-during-covid-19\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/osteopathic.org\/"},{"@type":"ListItem","position":2,"name":"Practicing Medicine","item":"https:\/\/osteopathic.org\/practicing-medicine\/"},{"@type":"ListItem","position":3,"name":"Telemedicine","item":"https:\/\/osteopathic.org\/practicing-medicine\/telemedicine\/"},{"@type":"ListItem","position":4,"name":"Webinar: Telemedicine &#038; HIPAA"}]},{"@type":"WebSite","@id":"https:\/\/osteopathic.org\/#website","url":"https:\/\/osteopathic.org\/","name":"American Osteopathic Association","description":"Advancing the distinctive philosophy and practice of osteopathic medicine","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/osteopathic.org\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/osteopathic.org\/wp-json\/wp\/v2\/pages\/21641"}],"collection":[{"href":"https:\/\/osteopathic.org\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/osteopathic.org\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/osteopathic.org\/wp-json\/wp\/v2\/users\/30513"}],"replies":[{"embeddable":true,"href":"https:\/\/osteopathic.org\/wp-json\/wp\/v2\/comments?post=21641"}],"version-history":[{"count":0,"href":"https:\/\/osteopathic.org\/wp-json\/wp\/v2\/pages\/21641\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/osteopathic.org\/wp-json\/wp\/v2\/pages\/21484"}],"wp:attachment":[{"href":"https:\/\/osteopathic.org\/wp-json\/wp\/v2\/media?parent=21641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}