May 17, 2024
A HIPAA-Compliant Path to Efficiency and Relief with Telehealth
By Nate MacLeitch, founder and CEO, QuickBlox.
We’ve come a long way since the University of Nebraska pioneered two-way video communication for telemedicine in 1959. Today, telehealth enables healthcare providers to expand access to medical support, improve patient convenience, streamline workflows, and enhance clinical outcomes. But as telehealth has grown, so too have the regulations around it.
The software behind telehealth — running on laptops, tablets, and the cloud, and increasingly incorporating AI — requires careful governance and robust security protocols to ensure patient privacy in accordance with the Health Insurance Portability and Accountability Act (HIPAA).
The following explores how telehealth can alleviate administrative burdens and create a more efficient experience, while HIPAA compliance ensures the product is safe for both patients and providers to trust.
HIPAA Compliance Builds Patient and Clinician Trust
While demand for digital health adoption from patients (33%) and providers (36%) is rising, over half of clinicians surveyed are still concerned about data breaches or malware attacks on their healthcare data, global advisor HIMSS (Healthcare Information and Management Systems Society) reports.
Securely communicating sensitive patient information (protected health information, or PHI) within a healthcare organization can be challenging when relying on everyday tools like SMS, Skype, and email. While these platforms offer encryption mechanisms, they fall short in two key areas.
Firstly, achieving effective encryption requires a uniform environment. Everyone within the organization must use compatible operating systems and the same encryption/decryption software. This uniformity can be difficult and expensive to maintain across a large organization with diverse devices and software versions.
Secondly, even with encryption, the service providers themselves — like Verizon, Skype, and Google — still have access to the underlying data on their servers. Business associate agreements (BAAs) can be established to address these concerns, but these rely on the providers to maintain the integrity of the encrypted data. Here, Skype’s past actions raise red flags, and it’s fair to question whether major communication companies like Verizon or Google would be comfortable with the additional responsibility and potential legal implications of healthcare data breaches.