HIPAA and COVID19
1. HIPAA and COVID19
Presented by: David A. Ginsberg, President, PrivaPlan Associates, Inc
Copyright PrivaPlan® Associates, Inc. 2020
2. Overview
• Workforce repositioning to their homes creates new HIPAA Privacy and Security challenges
• Telemedicine adds to these challenges
• What is the enforcement discretion?
• What are best practices for telemedicine and work from home?
3. HIPAA Enforcement Discretion
Why?
“COVID-19 nationwide public health emergency
We are empowering medical providers to serve patients wherever
they are during this national public health emergency. We are
especially concerned about reaching those most at risk, including
older persons and persons with disabilities. – Roger Severino, OCR
Director.”
4. HIPAA Enforcement Discretion
• This is NOT a blanket waiver of HIPAA!
• Similar discretion has been issued for other emergencies, like recent hurricanes
• Let’s examine the discretion
5. Enforcement Discretion
“A covered health care provider that wants to use audio or video
communication technology to provide telehealth to patients during the COVID-19
nationwide public health emergency can use any non-public facing remote
communication product that is available to communicate with patients. OCR is
exercising its enforcement discretion to not impose penalties for
noncompliance with the HIPAA Rules in connection with the good faith
provision of telehealth using such non-public facing audio or video
communication products during the COVID-19 nationwide public health
emergency. This exercise of discretion applies to telehealth provided for any
reason, regardless of whether the telehealth service is related to the diagnosis
and treatment of health conditions related to COVID-19.”
6. Enforcement Discretion
“Under this Notice, covered health care providers may use popular applications
that allow for video chats, including Apple FaceTime, Facebook Messenger
video chat, Google Hangouts video, or Skype, to provide telehealth without risk
that OCR might seek to impose a penalty for noncompliance with the HIPAA
Rules related to the good faith provision of telehealth during the COVID-19
nationwide public health emergency.
Providers are encouraged to notify patients that these third-party applications
potentially introduce privacy risks, and providers should enable all available
encryption and privacy modes when using such applications.”
My emphasis—enable all available encryption and privacy modes
7. Enforcement Discretion
“Under this Notice, however, Facebook Live, Twitch, TikTok, and similar video
communication applications are public facing, and should not be used in the
provision of telehealth by covered health care providers.
Covered health care providers that seek additional privacy protections for
telehealth while using video communication products should provide such
services through technology vendors that are HIPAA compliant and will enter
into HIPAA business associate agreements (BAAs) in connection with the
provision of their video communication products.”
The last statement is very important
8. Enforcement Discretion
• The Notice goes on to define technologies that are HIPAA compliant and will sign a BAA
• If you don’t obtain a BAA, the enforcement discretion means the OCR will not find this a compliance violation... but we believe this is a slippery slope because you need to ensure that once the emergency is lifted you obtain compliant technology
“Under this Notice, however, OCR will not impose penalties
against covered health care providers for the lack of a BAA with
video communication vendors or any other noncompliance with
the HIPAA Rules that relates to the good faith provision of
telehealth services during the COVID-19 nationwide public health
emergency.”
9. Best Practices
• If you will have more of your workforce work from home, what is necessary?
• Acceptable home use policy agreements. Some key points:
• Ensure home Wi-Fi is secured with WPA2 encryption
• Work from as private an area at home as possible, and don’t allow family members to overhear, shoulder surf or see your workstation or smartphone displays
10. Best Practices
• Always log off when you get up and leave your workstation or smartphone at home unattended. This means a full log off, not just a screen saver
• Don’t use sticky notes or write down your passwords and keep them near the workstation
• Don’t use personal computers without permission
• Don’t save data on media
• Don’t print protected health information to a local printer unless the printed material is immediately secured
11. Best Practices
• The same restrictions on texting and email apply for home use as at your medical practice
• Disable Alexa, Nest, Google, Siri and any assistive technology
if discussing PHI with a co-worker, or for telemedicine sessions
• Enable session security if using a teleconferencing platform
12. Platform security-telemedicine
Generally, the moderator has numerous controls on most platforms (Zoom, GoToMeeting, BlueJeans, Webex, etc.), such as:
• Enabling end-to-end encryption
• Requiring a password
• Creating a waiting room and then inviting the patient
• Locking a session once it has started
• Restricting chats, or enforcing encrypted chats
• Disabling patient recording—VERY IMPORTANT!!
• Temporarily pausing a screen when a new window is opened
13. Telemedicine-Privacy
• At least for the first patient encounter, ask for and document patient consent to using this technology
• Ask if the patient is in a private area and, if not, confirm they are comfortable continuing
• Document time and duration and follow all appropriate clinical documentation standards