The Changing HIPAA Compliance Regulations Paradigm With the Emergence of Telehealth Services

SharePoint Archive

A dive into the emergence of telehealth services, its influence on healthcare providers, and the role of HIPAA compliance

According to a McKinsey & Company analysis, telehealth utilization has increased by 38% from the pre-COVID-19 baseline. The increased use of telehealth technology such as audio and video conferencing tools, cloud storage, third-party apps, digital charts, and so on has raised eyebrows in the industry, for valid reasons. Since the Health Insurance Portability and Accountability Act, commonly known as HIPAA, provides the federal baseline for privacy measures related to protected health information (PHI), the regulation is naturally the first point of reference in matters like these.

HIPAA regulations apply to four distinct groups in the sector: healthcare providers, health plans, healthcare clearinghouses, and business associates. The first three groups are known as covered entities; they are obliged to comply with all HIPAA regulations and are subject to fines in case of non-compliance. The last group, business associates (BAs), must also strictly adhere to the HIPAA regulations, and any PHI that covered entities exchange with them must be safeguarded as well. Furthermore, a healthcare provider must have engaged in at least one of the HIPAA-covered transactions listed below to be considered a HIPAA-covered entity:

  1. Payment and remittance advice
  2. Claims status
  3. Eligibility
  4. Coordination of benefits
  5. Claims and encounter information
  6. Enrollment and disenrollment
  7. Referrals and authorizations
  8. Premium payment

Any other groups that are neither covered entities nor business associates and have not participated in HIPAA-covered transactions are referred to as third-party entities or non-healthcare providers.

A mental health app that delivers therapy to help users deal with sadness, anxiety, rage, and other emotions is an example of a non-healthcare provider third-party entity. This is because, in the normal course of business, the mental health app does not participate in HIPAA-covered transactions, produce invoices, or receive payment for its services. As a result, this app is a HIPAA third-party entity: it is a non-healthcare provider that qualifies neither as a covered entity nor as a business associate.

On the other hand, such mental health applications will at the very least ask you to sign up with sensitive information like a phone number or an email address. They may also request details of pre-existing mental health or anxiety concerns in you or your family and a list of any medications you take. Furthermore, to provide effective mental health support, such an app will track and record your mental health reports, anxiety levels, and, in some cases, even blood pressure, sleep cycle, and other data.

HIPAA does not regulate such health apps, nor similar sleep cycle monitors, habit trackers, weight gain trackers, fitness trackers, or the information users share with these applications. As a result, under HIPAA, some developers of health-related applications are not required to secure PHI, handle patient health information fairly, or supervise their vendors' processing of patient health information. However, this is only one example. Telehealth service providers utilize cloud storage, messaging, audio and video platforms, built-in online bots, chart preparation tools, interactive voice response (IVR), data archiving solutions, and other third-party solutions.

According to HIPAA, if the apps, platforms, or tools are developed, recommended, or provided by covered entities, business associates, or healthcare providers, those parties are liable for any PHI disclosure by the app. Furthermore, suppose healthcare providers deliver services through applications, platforms, and tools, and clients adopt those solutions: the providers may still be subject to HIPAA rules if they have not signed a business associate agreement with the app and it discloses any PHI.

As a result, the increased use of telehealth technology has raised eyebrows in recent days, requiring healthcare providers to guarantee that patient and customer data is protected and that all third-party telehealth service providers are monitored. Notably, the healthcare industry is already one of the most highly regulated, and other aspects of healthcare require comparable safeguards and procedures. Some approaches, such as implementing organizational information governance solutions and policies, can help the industry reduce data privacy compliance risks and thrive in the digital era.
