With the global pandemic of COVID-19, many of your providers may have begun utilizing telehealth services to accommodate your client care and their mental health well-being. It should be noted that while you all are HIPAA healthcare providers, the technology you decided to use for your remote communications and the way in which it is used may not be compliant with HIPAA regulations.
During COVID-19, a health care provider was allowed to utilize any audio or visual communication technology in connection with the good faith provision of telehealth during a national public health emergency without the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) issuing a penalty for noncompliance with HIPAA rules. However, post-COVID-19, it would be wise for clinicians who decide to make behavioral telehealth a permanent fixture of virtual care in their practice to conduct a security risk analysis and to enter into a business associate agreement (BAA) with platforms that are compliant with HIPAA regulations.
Public Facing Platforms Non-Compliant with HIPAA Rules
HIPAA regulations safeguard people's privacy. Public facing platforms are therefore non-compliant with HIPAA rules and regulations, as they allow wide access to the communication. When a clinician is communicating with their client via telehealth, they should not use public platforms to provide individualized patient advice.
HIPAA Compliant Platforms for Telehealth
The Department of Health and Human Services has identified different communication platforms that state their video-communication products are HIPAA compliant. These streaming solutions have professional grade privacy and security features and are non-public facing communication products. A non-public facing communication platform by default only allows the specific people invited to participate in the communication. These platforms include:
- Skype for Business/Microsoft Teams
- Zoom for Healthcare
- Google G Suite Hangouts Meet
- Cisco Webex Meetings/Webex Teams
- Amazon Chime
- Spruce Health Care Messenger
- Apple FaceTime
OCR expects clinicians to conduct their telehealth services in a private setting like their office, while their client is in their home. Clinicians should always be in a private setting, and their client should not be in public settings when receiving mental health care. When talking to clients via telehealth in a setting that is not as private as one's office, OCR asks providers to apply reasonable HIPAA safeguards that limit unnecessary disclosure of protected health information (PHI). Some practical precautions are not using the speakerphone when talking with your client, recommending your client move farther away from anyone else in the vicinity, and lowering your voice when speaking with your client regarding sensitive matters. Before beginning your virtual visits with your clients, inform your clients of the potential risks.
HIPAA and Behavioral Health Billing
HIPAA provided the standardization of medical codes (ICD codes for diagnosis and CPT and HCPCS codes for procedures) used by providers and those who bill out medical services. They manage the electronic medical transactions, as claims are submitted electronically. Every claim includes provider information, the client’s information, their health insurance plan, and the specific codes for diagnosis or procedure. Thus, HIPAA impacts every aspect of the medical billing process.
If you would like to learn more about HIPAA and/or medical billing, consider inquiring about staff training where we will come to your facility and teach your staff the skills needed to meet insurance documentation requirements. Reach out to us today.