HHS Office for Civil Rights issues resources for healthcare providers and patients
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), issued two resource documents to help explain to patients the privacy and security risks to their protected health information (PHI) when using telehealth services and ways to reduce these risks.
The first resource is for healthcare providers on “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth.” Although healthcare providers are not required by the HIPAA Rules to provide this education, the resource supports the continued and increased use of telehealth by providing information to help healthcare providers who choose to discuss telehealth privacy and security with patients. The resource provides suggestions for discussing:
- Telehealth options offered
- Risks to PHI when using remote communications technologies
- Privacy and security practices of remote communication technology vendors
- Applicability of civil rights laws
OCR also issued a resource for patients called “Telehealth Privacy and Security Tips for Patients.” This resource provides recommendations that patients can implement to protect and secure their health information such as:
- Conduct telehealth appointment in a private location
- Turn on multi-factor authentication if available
- Use encryption when available
- Avoid public Wi-Fi networks