Cybersecurity Best Practices for Telehealth HIPAA Compliance

Virtual counseling and medical appointments were already gaining traction in early 2020. Once the pandemic hit, however, they skyrocketed practically overnight with very little preparation. One report showed that telehealth visits saw more than 4000% growth from 2019 to 2020. This astronomical change required providers to implement widespread telehealth HIPAA compliance measures rapidly. 

At Doug Fir Billing, we’ve adapted quickly to help our clients handle their billing for virtual and in-person appointments. Our highly trained staff serves providers throughout the Pacific Northwest to ensure your clients have fewer insurance denials and that you receive the payments you deserve. Reach out today to learn how we can support you and your practice.

Navigating Telehealth HIPAA Compliance

As we know, HIPAA regulations exist to protect each patient’s personal health information (PHI). Back in the days of paper-only files, a locking file cabinet was pretty much the most high-tech thing you needed to keep data safe.

Of course, today we have a much different world with much more sophisticated needs. Protecting electronic PHI (ePHI) requires multiple levels of caution, diligence, and security, especially when providing telehealth appointments.

Many mental health providers moved to remote work when the pandemic hit, offering virtual counseling sessions to try to meet the rising demand for care. While this shift allowed providers to continue caring for clients and patients, it also created new questions about telehealth HIPAA compliance.

In particular, providers who began offering virtual appointments from their homes faced unique challenges. After all, having a spouse walk by while you’re on a call with a patient could constitute a violation. 

Best Practices Now that Telehealth Is Here To Stay

Now that we are several years into the world of widespread telehealth, it’s safe to say it’s unlikely to go away. The demand for mental health care far exceeds the current capacity to deliver care.

Virtual appointments help make mental health support more accessible for patients and providers, so this option is probably here for the long haul. With that in mind, here are some updated best practices to help keep you compliant during telehealth appointments.

Passwords and Encryption

The beauty of telehealth appointments is that you can access them from anywhere and on any device or computer. The downside is that you can access them from anywhere and on any device or computer. 

Device and network security are crucial when working with patients virtually. It can be easy to overlook security risks when you aren’t an IT security person, so here are a few essential things to remember and attend to regularly:

  • Try to dedicate one device to telehealth calls so that you only need to protect one.

  • Be sure your device requires a password and set a reminder to change the password once a month.

  • Change your router’s password to something custom rather than its default password and update it once a month.

  • Utilize a VPN or encryption software to protect PHI you need to send electronically.

  • Activate two-step authentication on any devices you use for appointments or to store protected data.

Dedicated, Private Space

When you are working from home to provide virtual mental health appointments, you need a private space with no passers-by. While your cat wandering across your keyboard isn’t a problem, your roommate walking by is. It’s crucial that you create a dedicated spot for your appointments so that you stay in compliance and can provide undistracted care. 

If you don’t have a protected space at home for seeing patients virtually, consider renting a shared coworking office space. These options offer a great way to have an enclosed office when you need it without paying the full cost of a commercial space.

Watch Those Physical Files

Even with all the technology available, there are bound to be some paper files, too. If you keep any hard copies of files for your clients, including session notes, you should have a locked cabinet for storing them.

When you work from home, it can be tempting to leave things on your desk or table to return to later. But it’s important to lock it all up before you step away from your work area. Additionally, be sure to have a shredder on hand for paper files you no longer need to keep.

Communicate Expectations with Your Remote Workers

Anyone you hire to do work for your practice also must follow HIPAA expectations. Whether you have a VA, an outsourced biller, or W-2 employees, be sure to follow these steps:

  • Verify that they have a private space to work when doing tasks for you.

  • Ask them to sign a confidentiality agreement.

  • Make sure their company is educated on their HIPAA responsibilities and what to do if there is a breach.

  • Verify that they set reminders to change their passwords regularly.

Cybersecurity Protects You, Too

Medical and mental health providers inherently need to create space between themselves and their patients or clients. Nobody needs a What About Bob situation.

When providing virtual appointments from your home, avoid disclosing any identifying information that could give clients a clue to your address. Try to have screens or walls behind you rather than windows that could provide a glimpse of where you live. Additionally, use separate phone lines for your practice and personal use.

Protecting your safety and that of your family is crucial.

Doug Fir Takes Your Compliance Seriously

It’s an honor to support therapists, psychiatrists, doctors, and other providers in the Pacific Northwest. As your outsourced medical billing company, Doug Fir Billing follows all required HIPAA regulations to help protect you and your clients. Contact us for a free quote to see how our services can help your practice thrive.
