A recent survey uncovered security gaps in over a third of telehealth appointments by mental health providers. The survey, conducted by Propeller Insights on behalf of DrFirst, asked more than 1,000 mental health patients whether they used telehealth services for their sessions and, for those who did, whether those sessions met HIPAA standards. The survey findings, as well as telehealth security, are discussed in detail below.

What Did the Survey Find?

The survey found that the security of many telehealth sessions fell short of HIPAA security requirements, with 35% of participants reporting that their sessions were not secure. Even when sessions were secure, participants were overwhelmingly concerned about their security, with 92% raising concerns.

The participants were concerned for a variety of reasons:

  • 43% were worried about their protected health information being compromised
  • 35% were concerned about their session being hacked
  • 14% were worried that their session would be connected to someone other than their healthcare provider

While the majority of survey participants (75%) reported using telehealth services for mental health during the pandemic, a quarter of those surveyed did not utilize telehealth during the pandemic, for the following reasons:

  • 46% claimed personal preference
  • 30% stated that their provider did not offer telehealth
  • 30% did not have appropriate connectivity or devices
  • 14% were concerned about being hacked

Of those participants that had utilized telehealth services in the past, 84% reported that they would likely use telehealth going forward.

How to Improve Telehealth Security

“Telehealth has proven its value to patients and providers alike, which is why it’s critical to stress the need to use secure platforms, so patients’ health information remains protected,” said Colin Banas, M.D., MSHA, chief medical officer for DrFirst. Using HIPAA-compliant video conferencing software is one of the most crucial components of telehealth security. Vendors of HIPAA-compliant software sign business associate agreements with their healthcare clients and implement safeguards to ensure the confidentiality, integrity, and availability of PHI that passes through the platform.

Business Associate Agreements

The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) released guidance on offering telehealth sessions securely: “Covered health care providers that seek additional privacy protections for telehealth while using video communication products should provide such services through technology vendors that are HIPAA compliant and will enter into HIPAA business associate agreements (BAAs) in connection with the provision of their video communication products.”
