Telehealth has seen an unprecedented boom this year. This was in part caused by the pandemic and the need to decrease opportunities for potential exposure to the virus. Telemedicine was adopted more widely also thanks to relaxed HIPAA regulations which enabled the use of videoconferencing platforms for remote medical visits, treatment, and diagnosis.
But as we move into 2022, new vaccines are rolled out, and the COVID-19 emergency is managed, what changes can we expect from HIPAA? And how will this impact the day-to-day use of telemedicine in healthcare practices?
Is HIPAA Out of Date?
Yes, according to some legislators. The Health Insurance Portability and Accountability Act was put into effect more than 25 years ago and the health sector has become completely digitized since then. And some lawmakers pushing for change say that the outdated regulations are no longer addressing today’s technology and security challenges.
Just last week, two U.S. senators proposed the Health Data Use and Privacy Commission Act. This new federal law is meant to update and modernize HIPAA by developing solutions safeguard the equally important exigencies of privacy for patients and easy access to data for health care providers.
“As a doctor, the potential of new technology to improve patient care seems limitless. But Americans must be able to trust that their personal health data is protected if this technology can meet its full potential. HIPAA must be updated for the modern day. This legislation starts this process on a pathway to make sure it is done right.”– Bill Cassidy, M.D. (R-LA)
If passed, the bill would form a task force in charge of running an organized, extensive review of current PHI security measures at both the state and federal levels. It would also need to evaluate the methods used by healthcare providers, insurance companies, financial services, consumer electronics, and others. The end goal of this task force is to decide if HIPAA reform is needed, and if so, how. This would mean giving Congress recommendations on how to:
- Unify current security and privacy regulations for protected health information,
- Better define how standards should be applied,
- Expand regulations to cover mobile apps, AI, and other emerging technologies used in medicine,
- Address the need for patient notification and consent,
- Identify potential threats to health data privacy,
- Determine when health data can and should be shared in support of quality care and interoperability,
- Determine how subsets of data regarding patients and providers can/cannot be used for consumer-driven purposes,
- Anticipate market forces that may pose a risk to patient privacy in the future,
- Outline modes of enforcing compliance,
- Set penalties for violations.
The list of supporters for this bill include Athena Health, Epic Systems, IBM, Teladoc Health, Federation of American Hospitals, the American College of Cardiology, and Association for Behavioral Health and Wellness. And this is reason to believe that updates are on the way for HIPAA.
What Changes Can We Expect from HIPAA in 2022?
At the beginning of the coronavirus pandemic, the Department of Health and Human Services relaxed the regulations that had previously inhibited doctors from using many videoconferencing platforms for telehealth. Deciding to ease enforcement of HIPAA privacy and security rules was a big change. For example, relying on a third-party software to transfer PHI without having a BAA from that vendor on file would likely not be penalized as a HIPAA violation if done in good faith.
This change opened the door to a wider use of mobile communications, live video, pictures, and virtual healthcare visits. It was a huge benefit for both healthcare providers and patients. But, it’s important to note, that this change was temporary. The HHS clearly stated that HIPAA regulations would be temporarily relaxed in order to help provide safer, continual access to medical services during the nationwide public health emergency.
So, this leaves many in the healthcare field wondering if and when HIPAA regulations will go back into full vigor.
It’s pretty fair to say that the use of telehealth will continue to grow even post-pandemic. More healthcare providers are expected to adopt the technology and, as patients come to appreciate the convenience of it, demand is likely to rise as well. And, of course, data security and patient privacy will always be critical points of regulation throughout the healthcare industry.
How Will this Effect Telemedicine Practices?
Here’s how some anticipated changes to HIPAA could impact telemedicine in the new year.
If your healthcare organization has recently started providing telehealth services, it should review its patient consent procedures. Getting informed patient consent before discussing health matters or transmitting sensitive information in phone or video conversations is best practice and may soon become an explicit HIPAA requirement.
In order to comply with HIPAA, organizations will need to update their risk analysis and mitigation plans to include risks introduced by telehealth. Practitioners must remember also that this isn’t just a potential risk, but that telehealth represents one of healthcare’s largest real cybersecurity risks.
Since its widespread adoption in 2020, some experts cite a 30% increase in cybersecurity issues in recent healthcare security reports. Plus, evidence of hackers’ successes have been found on the dark web in greater amounts since February 2020.
Wider Insurance Coverage
One of the major reasons why the use of telemedicine grew in early 2020 was that Medicare and many private insurance coverages expanded to cover remote visits. This was a significant economic motivation for healthcare providers and patients alike.
Now, we see that COVID transmission is still a concern, lockdown measures are being reinstated in many areas, and medical professionals are struggling financially. If changes are introduced to HIPAA to address the privacy and security concerns of telehealth, we anticipate the practice of expanded insurance reimbursement to continue. We hope this is the case also because of the vast benefits that telehealth offers for users.
While we await news of any such changes about HIPAA compliance, we advise healthcare professionals to document well the services that they provided virtually.
We expect that sometime in late 2022, vendor relations will go back to being regulated. It’s likely HIPPA regulations will be enforced with regards to business associate agreements and third-party services. If a covered entity is currently using a platform for telehealth and other transmission of PHI, it will need to make sure that it has a valid BAA on file for that service provider.
At the same time, telehealth software providers and owners of videoconferencing platforms intended to be used in this field, should take the needed steps to become HIPAA compliant.
Since the pandemic began, there has been a renewed focus on mobility for both doctors and patients. Healthcare professionals have been doing more work from home and remotely outside the office. Likewise, patients have been receiving care from the comfort of their own home and consulting with specialists far from their hometown.
In 2022, we can guess that HIPPA standards will be less stringent on location limitations. This means an expanded service area with for providers and easier access to healthcare for patients.
Fines for Violations
We anticipate that HIPAA enforcement will soon go back into full effect. This would mean that practitioners would no longer be shielded from fines for security and privacy violations. For this reason, it’s an important time for everyone in healthcare to pay attention to new released by HHS and regarding compliance.
The use of telemedicine is currently encouraged by the health community. However, remember that the loosening of HIPAA regulations in 2020 was a temporary measure. Your organization should plan to review telemedicine policies and practices after the pandemic.
Related article: 8 Tips for Physicians Transitioning to Telehealth.
HIPAA-Compliant Call Answering Support for Telemedicine
Relying on a HIPAA-compliant answering service can make your medical facility more efficient with both in-person and remote operations. PatientCalls acts as an organized, 24/7 communications central between doctors, staff, and patients. Contact our team to learn more.