By Peter J. Cass, OD
June 9, 2021
The pandemic impacted how HIPAA was enforced and many practices adapted to offer more telemedicine services. At the same time, some doctors and employees adapted by working from home. Here are important ways to ensure your practice is still HIPAA-compliant and your patient data stays secure beyond the pandemic.
The biggest change during the pandemic, which may leave practices exposed as rules are tightened again, was allowing doctors to provide care to patients in their homes rather than at specific telemedicine centers, and allowing the use of non-HIPAA-compliant video and audio applications (FaceTime, Zoom, Messenger, etc.).
Telemedicine: The Rules Will Be Tightened Again
Relaxation of HIPAA’s telemedicine rules has accelerated the adoption of telemedicine services by optometrists, but this may set you up for HIPAA violations if you are not prepared to comply with the regulations when the pandemic subsides and the regulations are enforced again. The platforms you have been using during the last year to communicate with and evaluate patients may no longer be considered HIPAA-compliant later this year or next year. Practices that want to continue using telemedicine should work with a HIPAA-compliant telemedicine service that can provide secure and encrypted connections to patients.
We will likely see an increase in regulations on the use of telemedicine, while ironically seeing an increased push for the use of these services, which proved both effective and cost-efficient during the pandemic.
Greater Demand for Patient Access to their Medical Information
There is a heightened focus on ensuring patients’ access to their medical records, including digital capture of records and direct access to records through an EHR patient portal. Increased demand for patient access to medical records is a key area of the Merit-Based Incentive Payment System (MIPS), and noncompliance can affect Medicare payments as well as result in HIPAA fines. Providers should evaluate their EHR technology to make sure that it complies with the HIPAA and MIPS rules for patient access.
Need for Increased Security Against Ransomware Attacks
Ransomware attacks are becoming more common, requiring practices to double-check that their practice software, whether cloud-based or hosted on a system in the office, is secure.
Luxottica had a breach of its appointment scheduling application, which impacted 829,454 patients. The data breach included health insurance policy numbers, appointment notes related to treatment, procedures, prescriptions and other sensitive data, such as patients’ credit card information and Social Security information.
In light of such high-profile breaches, there is a huge demand for training to ensure all employees are following protocols to maintain HIPAA and data security. The firm I am a partner in, Practice Compliance Solutions, has noticed increased requests for help with attacks and increased requests to provide this training, and we are doing more lecturing on this topic.
Ensuring data is secure and protected from ransomware requires taking these actions:
• Conduct a security risk analysis
• Back up data (cloud-based backup systems are the best option)
• Encrypt patient data
• Install and keep up-to-date antivirus/malware programs
• Train employees
• Use strong passwords and change them routinely
• Implement strong network access controls
With the right security protocols, and a staff that has been trained to consistently follow those protocols, your practice should be able to secure patient data and continue providing care through telemedicine while maintaining HIPAA compliance.
Peter J. Cass, OD, is a partner in Practice Compliance Solutions, a faculty member for the University of Houston College of Optometry, an associate at MyEyeDr. Beaumont, and past-president of the Texas Optometric Association. To contact: peter@PCScomply.com