How to Ensure Telehealth HIPAA Compliance After Enforcement Resumes
To avoid enforcement by the HHS Office for Civil Rights (OCR) once the telehealth enforcement discretion (the "waiver") is lifted, you will need to deliver telehealth through HIPAA compliant software. But what makes software HIPAA compliant? Three things, taken together:
Security measures. For software to be considered HIPAA compliant, it must implement safeguards that protect the confidentiality, integrity, and availability of protected health information (PHI). These map to the technical safeguards of the HIPAA Security Rule: access controls that limit PHI to users who need it, authentication that verifies who each user is, audit controls that record who accessed or changed PHI and when, and encryption of PHI both in transit (the video session, chat, and file transfer) and at rest (recordings, transcripts, and stored messages). Note that no product is "HIPAA certified"; these controls make software capable of supporting compliance, while compliance itself is a property of your organization's program, including the risk analysis the Security Rule requires.
Business associate agreements (BAAs). No matter what security measures a software provider offers, if it is unable or unwilling to sign a BAA, its product cannot be used for HIPAA compliant telehealth. In fact, a good portion of the software currently being used that is not HIPAA compliant is non-compliant only because the vendor does not sign BAAs. Check the details before relying on one: many vendors sign a BAA only for particular plans, tiers, or product editions, and only when the service is configured as the BAA specifies, so confirm that the agreement covers the exact product and configuration you deploy.
Employee training. In the end, software HIPAA compliance comes down to how the end user operates it. As such, employees must be trained on the permitted uses and disclosures of PHI in relation to the software they use, including the practical details that undo technical safeguards: conducting sessions in private spaces, verifying the patient's identity before discussing PHI, and not saving recordings or transcripts outside the covered, encrypted system.