Telehealth has seen an unprecedented boom this year. This was in part caused by the pandemic and the need to decrease opportunities for potential exposure to the virus. Telemedicine was adopted more widely also thanks to relaxed HIPAA regulations which enabled the use of videoconferencing platforms for remote medical visits, treatment, and diagnosis.
But as we move into 2021, new vaccines are rolled out, and the COVID-19 emergency is managed, what changes can we expect from HIPAA? And how will this impact the day-to-day use of telemedicine in healthcare practices?
What Changes Can We Expect from HIPAA in 2021?
At the beginning of the coronavirus pandemic, the Department of Health and Human Services relaxed the regulations that had previously inhibited doctors from using many videoconferencing platforms for telehealth. Deciding to ease enforcement of HIPAA privacy and security rules was a big change. For example, relying on a third-party software to transfer PHI without having a BAA from that vendor on file would likely not be penalized as a HIPAA violation if done in good faith.
This change opened the door to a wider use of mobile communications, live video, pictures, and virtual healthcare visits. It was a huge benefit for both healthcare providers and patients. But, it’s important to note, that this change was temporary. The HHS clearly stated that HIPAA regulations would be temporarily relaxed in order to help provide safer, continual access to medical services during the nationwide public health emergency.
So, this leaves many in the healthcare field wondering if and when HIPAA regulations will go back into full vigor.
It’s pretty fair to say that the use of telehealth will continue to grow even post-pandemic. More healthcare providers are expected to adopt the technology and, as patients come to appreciate the convenience of it, demand is likely to rise as well. And, of course, data security and patient privacy will always be critical points of regulation throughout the healthcare industry.
How Will this Effect Telemedicine Practices?
Here’s how some anticipated changes to HIPAA could impact telemedicine in the new year.
If your healthcare organization has recently started providing telehealth services, it should review its patient consent procedures. Getting informed patient consent before discussing health matters or transmitting sensitive information in phone or video conversations is best practice and may soon become an explicit HIPAA requirement.
In order to comply with HIPAA, organizations will need to update their risk analysis and mitigation plans to include risks introduced by telehealth. Practitioners must remember also that this isn’t just a potential risk, but that telehealth represents one of healthcare’s largest real cybersecurity risks.
Since its widespread adoption in 2020, some experts cite a 30% increase in cybersecurity issues in recent healthcare security reports. Plus, evidence of hackers’ successes have been found on the dark web in greater amounts since February 2020.
Wider Insurance Coverage
One of the major reasons why the use of telemedicine grew in early 2020 was that Medicare and many private insurance coverages expanded to cover remote visits. This was a significant economic motivation for healthcare providers and patients alike.
Now, we see that COVID transmission is still a concern, lockdown measures are being reinstated in many areas, and medical professionals are struggling financially. If changes are introduced to HIPAA to address the privacy and security concerns of telehealth, we anticipate the practice of expanded insurance reimbursement to continue. We hope this is the case also because of the vast benefits that telehealth offers for users.
While we await news of any such changes about HIPAA compliance, we advise healthcare professionals to document well the services that they provided virtually.
We expect that sometime in early to mid-2021, vendor relations will go back to being regulated. It’s likely HIPPA regulations will be enforced with regards to business associate agreements and third-party services. If a covered entity is currently using a platform for telehealth and other transmission of PHI, it will need to make sure that it has a valid BAA on file for that service provider.
At the same time, telehealth software providers and owners of videoconferencing platforms intended to be used in this field, should take the needed steps to become HIPAA compliant.
Since the pandemic began, there has been a renewed focus on mobility for both doctors and patients. Healthcare professionals have been doing more work from home and remotely outside the office. Likewise, patients have been receiving care from the comfort of their own home and consulting with specialists far from their hometown.
In 2021, we can guess that HIPPA standards will be less stringent on location limitations. This means an expanded service area with for providers and easier access to healthcare for patients.
Fines for Violations
We anticipate that HIPAA enforcement will soon go back into full effect. This would mean that practitioners would no longer be shielded from fines for security and privacy violations. For this reason, it’s an important time for everyone in healthcare to pay attention to new released by HHS and regarding compliance.
The use of telemedicine is currently encouraged by the health community. However, remember that the loosening of HIPAA regulations in 2020 was a temporary measure. Your organization should plan to review telemedicine policies and practices after the pandemic.
Related article: 8 Tips for Physicians Transitioning to Telehealth.
HIPAA-Compliant Call Answering Support for Telemedicine
Relying on a HIPAA-compliant answering service can make your medical facility more efficient with both in-person and remote operations. PatientCalls acts as an organized, 24/7 communications central between doctors, staff, and patients. Contact our team to learn more.