Tag: HIPAA-compliant

Psychologists Who Practice Via Online Counseling: Are They Really HIPAA Compliant?

Psychology, Confidence, Professional

Today, psychologists are offering their services online, and telehealth is continuously becoming popular. The top advantage of such practice in the mental health field is the availability of specialized services and expertise to patients in remote locations. Furthermore, telehealth enhances the availability of professional medical expertise globally with modern ways of clinical supervision.

In overall, telehealth provides efficient communication among professionals and their patients globally to engage each other through various technological means and a considerable supply of interventions to pick from. With all the benefits that telehealth offers, there are still many arguments in the mental health industry on whether or not it can be considered truly safe as well as private to the patients.

Why Telehealth Is Under Debate Over its Safety and Privacy

Furthermore, individuals with means of producing educational videos, applications, or websites, etc. can come up with such content easily, posing the risk of a patient obtaining inaccurate information. Another point of concern for telehealth is associated with its jurisdictional compliance. License specification typically differs per state or country. However, the ease with which psychologists can provide their services globally may ultimately lead to inadvertent legal or ethical malpractice.

HIPAA’s Security Protocols that Safeguards Patient’s Information

The first question a patient may ask when using telehealth services or telemedicine software is, “How safe and private is the service?” sincerely speaking, this is quite a valid concern for the patient and should be taken with utmost seriousness by the health provider. HIPAA (Health Insurance Portability and Accountability Act) which was passed in 1996 by the Congress makes sure that individuals can transfer as well as continue with their insurance cover even after changing jobs.

Additionally, the act instituted industry-wide policies on billing and healthcare information, among other processes. Most importantly, HIPAA ensured implementation and proper protection of patient information known as PHI (Protected Health Information). These protocols also apply to patient’s data, such as video visits that are transmitted via the internet.

Why Individual Therapists May Not Have Sufficient Security Protocols to Safeguard Your Data

To be safe from stiff penalties and be HIPAA compliant, medical practitioners are required to use telehealth solutions that meet HIPAA’s regulations. However, not all healthcare providers meet this test hence raising concerns. The laws typically apply to covered entities and all business associates such as organizations, agencies, and large medical firms. Professionals and therapists listed here all work with a HIPAA compliant service

Several reports have indicated that personal therapists, not working under professional medical bodies, may not be compliant to HIPAA laws. This means that they are less likely to follow and respect the patient’s privacy rights and information. Thus, this raises significant concerns for patients using telehealth services. Choosing to work with a therapist from a large telehealth company ensures that your data and private information is safe.

How Can We Prepare Ourselves For Healthcare IoT?

By Tim Mullahy, executive vice president, Liberty Center One.

Tim Mullahy
Tim Mullahy

Remote monitoring. Smart sensors. Better communication and overall patient care. The internet of things has some incredible applications for the health industry — assuming we can overcome the security challenges it brings with it. But where do we start?

The potential of the Internet of Things to revolutionize the world has already been well-documented – as has its potential security shortcomings. I don’t believe it’s hyperbole to call IoT one of the most disruptive digital technologies ever developed, if not the most.  But that disruption can easily be a double-edged sword.

Consider the healthcare industry, for example. Hospitals, care providers, and covered entities regularly work with some of the most sensitive data in the world, subject to some of the most stringent protections. They have an inarguable duty of care to keep protected health information (PHI) out of the wrong hands.

Incautious application of IoT technology runs directly counter to that duty of care.

Yet hospitals and other healthcare agencies use the Internet of Things for everything from maintenance and monitoring to patient care — nearly 60 percent have introduced IoT into their facilities, and 87 percent plan to implement more technology by next year. And of those organizations, 89 percent have suffered from some form of IoT-related security breach.

Unless you want your organization to be included in that statistic, you’re going to need to take a step back and re-examine your security practices. The Internet of Things is by its very nature unlike any technology you’ve used in the past. What that means is that it requires a completely different approach.

You must have some way of monitoring, managing, and locking down any endpoints that might have even a passing connection to patient data. You need to implement new processes and procedures regarding how devices are used and interconnected within your organization. Finally, you need to be aware of PHI no matter where it is and who’s using it — and if someone is accessing it who shouldn’t be, you need the capacity to lock down their access and protect that data.

For an industry where even standard IT can prove challenging, that’s a pretty intensive list. It’s a small wonder, then, that many healthcare organizations choose to work with managed services providers rather than deal with things internally. And if, after a security assessment, you find that your own IT staff lack the expertise, that might be the best bet for you as well (at least until your staff can receive proper training).

Of course, selecting an IoT services provider comes with its own laundry list of challenges. You’ll need to school yourself in the tactics and language the bad eggs use to try to lure in new clients, and you’ll need to ensure that any providers you work with are fully HIPAA-compliant. There are a few signs you should look out for in that regard:

Continue Reading