When ePHI created by a medical professional or a healthcare organization (covered entity) is stored by a third party, the covered entity is required to have a Business Associate Agreement (BAA) with the third party storing the data. Why You Should Not Use SMS, Skype or Email for Telemedicine
The second and third bullet points also relate to ePHI that is stored – an issue we will address in the next section. The system should also have automatic log-off capabilities if the system is not used for a period of time. However, the second bullet point means that unsecure channels of communication such as SMS, Skype, and email should not be used for communicating ePHI at distance.įinally, according to the HIPAA guidelines on telemedicine, any system of communicating ePHI at distance must have mechanisms in place so communications can be monitored and remotely deleted if necessary. The first bullet point is fine provided physicians use “reasonable and appropriate safeguards” to prevent ePHI being disclosed to any unauthorized parties. A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.A system of secure communication should be implemented to protect the integrity of ePHI.Only authorized users should have access to ePHI.This element of the HIPAA guidelines on telemedicine is contained within the HIPAA Security Rule and stipulates: However, the channel of communication used for communicating ePHI at distance also has to be HIPAA-compliant if medical professionals and healthcare organizations want to comply with the HIPAA guidelines on telemedicine. Many people mistakenly believe that communicating ePHI at distance is acceptable when the communication is directly between physician and patient – and this would be what the HIPAA Privacy Rule would imply.
The HIPAA guidelines on telemedicine affect any medical professional or healthcare organization that provides a remote service to patients in their homes or in community centers. HIPAA Guidelines on Telemedicine Communicating ePHI at Distance