HIPAA Communication News

Senate HELP Committee Considers Permanent Changes to Telehealth Policies

Posted June 18, 2020 by HIPAA Journal

The Senate Health, Education, Labor, and Pensions (HELP) Committee is considering which of the 31 recent changes to telehealth policies should be kept in place when the COVID-19 national public health emergency comes to an end.

The temporary changes to policies on telehealth have served to expand access during the COVID-19 public health emergency. These changes were necessary to help prevent the spread of COVID-19 and ensure that Americans are given easy access to medical services. During the COVID-19 crisis, patients have embraced the new approach and many have taken advantage of virtual visits and are using remote monitoring tools.

The June 17, 2020 Senate HELP Committee meeting was convened to explore which of the recent changes should be made permanent or at least be extended once the COVID-19 crisis comes to an end. All members of the committee supported making at least some of the recent changes permanent, with HELP Committee Chairman Sen. Lamar Alexander (R-Tenn.) advocating two permanent changes: The elimination of limitations on originating sites and the expansion of the types of providers who can be reimbursed through Medicare and Medicaid for providing virtual visits.

Sen. Alexander explained that both changes will help providers to achieve better patient outcomes, will improve patient experiences, and will help to reduce the cost of healthcare provision. There is wide support for these two changes to be made permanent. “As dark as this pandemic has been, it creates an opportunity to learn from and act upon these three months of intensive telehealth experiences, specifically what permanent changes need to be made in federal and state policies,” said Sen. Alexander. He suggested that were it not for the pandemic, the recently introduced changes may not have occurred for a further 10 years. It is too early to tell whether the telehealth changes have had any significant effect on patient outcomes, but they have certainly helped to improve access to healthcare services.

The University of Virginia (UVA) experienced a 9,000% increase in virtual visits between February and May, according to Karen Rheuban, M.D., director of the UVA Center for Telehealth. Sen. Alexander explained that Ascension Saint Thomas had gone from providing around 50 telehealth visits a year to more than 30,000 per month between April and May. Between April and May, telehealth accounted for around 45% of all visits.

The HHS’ Office for Civil Rights announced a Notice of Enforcement discretion covering the platforms that could be used for providing telehealth services during the public health emergency. Aside from public-facing platforms, apps that would not normally be permitted under HIPAA could be used for telehealth. While the move was necessary, it is one of the changes that requires closer scrutiny moving forward to ensure the privacy and security of healthcare data is not placed at risk.

The expansion of telehealth services has not proven to be a great equalizer, as many people lack the technology to take advantage of telehealth services. “The disparities in access to technology reflect the underlying inequity that exists throughout society,” said Sen. Tina Smith (D-Minn), a view shared by Karen Rheuban, M.D., who suggested “Congress should provide support for further broadband deployment, including to the home, as appropriate, to reduce geographic and sociodemographic disparities in access to care.”

There was strong support for reimbursement for telephone visits to be continued. At Massachusetts General Hospital and Brigham and Women’s Hospital, 60% of telehealth visits took place over the telephone in the past 3 months. “Telephone visits are important to cross the digital divide. We should continue that level of reimbursement to address this underserved population,” said Joe Kvedar, president of the American Telemedicine Association.

In addition to advocating for permanent changes to originating site limitations, Kvedar recommended giving the HHS the flexibility to expand the list of practitioners and therapy services eligible for telehealth reimbursement and to continue the grant and technical assistance programs and also cover infrastructure needs.

There is a commonly held view among providers that the decision to continue offering telehealth is largely dependent on reimbursement rates for telehealth. If reimbursement is lower for virtual visits, that may prevent providers from continue offering telehealth over in-person visits. Sen. Mike Braun (R-Ind) suggested that there should not be pay parity due to the differences in overheads. Sen. Bill Cassidy (R-La.) also questioned whether reimbursement should be equal when telehealth reduces providers’ overhead costs.

While access to telehealth has been expanded for Medicare and Medicaid patients, changes also need to be made in the private sector. “It would be very difficult to conduct this care model in a world where we got some payment for some things and didn’t get paid for others,” suggested Kvedar. “As much harmonization as possible would be huge incentive for adoption and expansion,” said Rheuban.

The post Senate HELP Committee Considers Permanent Changes to Telehealth Policies appeared first on HIPAA Journal.

Guidance on Contacting COVID-19 Patients to Request Blood and Plasma Donations

Posted June 14, 2020 by HIPAA Journal

When patients contract an infectious respiratory disease such as COVID-19, the immune system develops antibodies that provide protection if the pathogen is encountered again. The antibodies in the blood of patients who recover from such an illness are valuable, as not only will they provide protection for the patient, that protection could potentially be transferred to other patients.

Through the donation of blood and plasma two preparations can be made: Convalescent plasma and hyperimmune immunoglobulin. Convalescent plasma and hyperimmune immunoglobulin have both been used to successfully treat patients who have contracted other viral respiratory diseases. Given the severity of COVID-19 and the high mortality rate, these treatments could be vital for patients who are struggling to fight the infection. Research studies are now underway to test whether antibody treatments are effective against COVID-19.

To participate in these programs, patients who have previously been diagnosed with COVID-19 will need to be contacted and asked if they are willing to donate blood and plasma, but is this contact permitted by the HIPAA Privacy Rule?

On June 12, 2020, the Department of Health and Human Services’ Office for Civil Rights issued guidance to healthcare providers on the HIPAA Privacy Rule and contacting COVID-19 patients to request blood and plasma donations.

OCR explained that the HIPAA Privacy Rule does not prohibit healthcare providers from contacting COVID-19 patients to request blood and plasma donations and prior authorization from the patient is not required.

Healthcare providers can contact patients to advise them about the opportunities for donating blood and plasma to support the response to COVID-19 to improve other patents’ chances of beating the disease.

HIPAA covered entities and business associates acting on their behalf can use or disclose PHI for the purpose of treatment, payment, and healthcare operations, without first receiving authorization to do so from a patient. Requesting a donation of blood or plasma does not fall into the category of treatment, as the blood/plasma will not be used to treat the patient, instead it is being used for population-based health care operations to improve health, case management, and care-coordination, which are included in the definition of healthcare operations.

There is some confusion over whether contacting patients to solicit blood donations would constitute marketing communications, which are generally not permitted by the HIPAA Privacy Rule without prior authorization from a patient.

In this case, an exception to the Privacy Rule’s Marketing provision applies. “A covered health care provider is permitted to make such communication for the covered entity’s population-based case management and related health care operations activities, provided that the covered entity receives no direct or indirect payment from, or on behalf of, the third party whose service is being described in the communication (e.g., a blood and plasma donation center),” explained OCR in the guidance.

An authorization is required from a patient before PHI can be disclosed to a third party, such as a blood and plasma donation center, to allow a COVID-19 patient to be contacted to request blood and plasma donations for the donation center’s own purposes.

The post Guidance on Contacting COVID-19 Patients to Request Blood and Plasma Donations appeared first on HIPAA Journal.

Telehealth Set to Stay so it’s Time to Get the Right Technology

Posted June 12, 2020 by HIPAA Journal

This year, in response to the COVID-19 public health emergency, the HHS’ Centers for Medicare and Medicaid Services (CMS) expanded coverage of telehealth service to include all Medicare beneficiaries, regardless of location.

Telehealth services eliminate the barriers to in-person care that have been created by the COVID-19 pandemic and allow practitioners to provide treatment to patients in their own homes and, by doing so, improve patient safety and control the spread of COVID-19. The expansion of coverage only applies during the coronavirus public health emergency, although calls have been increasing for the expanded CMS telehealth policies to continue after the public health emergency is declared over.

On June 9, 2020, in a virtual event on STAT News, CMS Administrator Seema Verma said she supported the permanent expansion of access to telehealth services. The FTC has also weighed, with executives expressing their support for the permanent removal of the geographical restrictions and continued expansion of the types of services that can be delivered by telehealth.

On May 21, 32 House members signed a letter urging Congress to give telehealth more time to prove itself and requested the relaxation of telehealth regulations to continue after the COVID-19 emergency period. The extension will ensure that sufficient data is collected to determine which of the new flexibilities should be made permanent.

Many providers and patients across the United States have taken advantage of telehealth services during the public health emergency and telehealth has proven popular with providers and patients alike. It is now looking likely that telehealth is here to stay, and virtual visits will replace in-person care in certain circumstances.

Telehealth was made much easier for providers by the HHS’ Office for Civil Rights, which issued a notice of enforcement discretion stating penalties and sanctions would not be imposed on healthcare providers for the good faith use of non-HIPAA-compliant communication technologies for providing telehealth services. That notice of enforcement discretion only applies during the public health emergency, after which healthcare providers will be required to switch to HIPAA-compliant solutions. Any provider that is not yet using a HIPAA-compliant telehealth application should now consider making the switch.

One HIPAA-compliant solution that has proven extremely popular during the pandemic is TigerTouch from TigerConnect. TigerTouch combines, video, voice, and text messaging into one convenient mobile and desktop app which allows internal communication with care team members and patient communication through the same app. The solution also supports the sharing of files and medical images, and as a fully HIPAA-compliant solution, it allows ePHI to be securely shared. Healthcare providers that have adopted the solution report significant cost savings, improved workflow efficiency, better patient care, and happier staff and patients.

TigerConnect hosted a webinar to showcase the solution and explain how the integrations and telehealth features of the solution are helping to improve the quality of care, increase patient safety, and improve patient satisfaction levels.

The webinar is available on-demand on this link.

The post Telehealth Set to Stay so it’s Time to Get the Right Technology appeared first on HIPAA Journal.

April 2020 Healthcare Data Breach Report

Posted May 20, 2020 by HIPAA Journal

There were 37 healthcare data breaches of 500 or more records reported in April 2020, up one from the 36 breaches reported in March. As the graph below shows, the number of breaches reported each month has been fairly consistent and has remained well below the 12-month average of 41.9 data breaches per month.

While the number of breaches increased slightly, there was a significant reduction in the number of breached healthcare records in April. 442,943 healthcare records were breached in April, down 46.56% from the 828,921 records breached in March. This is the second successive month where the number of exposed records has fallen. While this is certainly good news, it should be noted that in the past 12 months, 39.92 million healthcare records have been breached.

Largest Healthcare Data Breaches in April 2020

Name of Covered Entity	Covered Entity Type	Individuals Affected	Type of Breach	Location of Breached Information
Beaumont Health	Healthcare Provider	112,211	Hacking/IT Incident	Email
Meridian Health Services Corp.	Healthcare Provider	111,372	Hacking/IT Incident	Email
Arizona Endocrinology Center	Healthcare Provider	74,122	Unauthorized Access/Disclosure	Electronic Medical Record
Advocate Aurora Health	Healthcare Provider	27,137	Hacking/IT Incident	Email, Network Server
Doctors Community Medical Center	Healthcare Provider	18,481	Hacking/IT Incident	Email
Andrews Braces	Healthcare Provider	16,622	Hacking/IT Incident	Network Server
UPMC Altoona Regional Health Services	Healthcare Provider	13,911	Hacking/IT Incident	Email
Colorado Department of Human Services, Office of Behavioral Health	Healthcare Provider	8,132	Unauthorized Access/Disclosure	Network Server
Agility Center Orthopedics	Healthcare Provider	7,000	Hacking/IT Incident	Email
Beacon Health Options, Inc.	Business Associate	6,723	Loss	Other Portable Electronic Device

Causes of Healthcare Data Breaches in April

As was the case in March, hacking and IT incidents were the leading causes of healthcare data breaches. Unauthorized access/disclosure incidents were the next most common causes of breaches, an increase of 77.77% from the previous month.

333,838 records were compromised in the 18 reported hacking/IT incidents, which account for 75.37% of all records breached in April. The average breach size was 18,547 records and the median breach size was 4,631 records. There were 16 reported unauthorized access/disclosure incidents in April. The average breach size was 6,171 records and the median breach size was 1,122 records. In total, 98,737 records were breached across those 16 incidents.

There were two theft incidents reported in April, both involving portable electronic devices. The records of 3,645 individuals were stored on those devices. There was also one lost portable electronic device containing the records of 6,723 patients.

The bar chart below shows the location of breached protected health information. The chart shows email is by far the most common location of breached health information. 48.65% of all reported breaches in April involved PHI stored in emails and email attachments. The majority of those breaches were phishing attacks. Most healthcare data breaches involve electronic data, but one in five breaches involved PHI in paper files and charts.

Healthcare Data Breaches by Covered Entity Type

Healthcare providers were the worst affected covered entity type in April with 30 breaches reported. 4 health plans reported a breach in April, and three breaches were reported by business associates of HIPAA-covered entities. A further 8 breaches had some business associate involvement.

Healthcare Data Breaches by State

April’s data breaches were reported by covered entities and business associates in 22 states. Florida and Texas were the worst affected with 4 breaches each. There were three data breaches reported in Michigan and Pennsylvania, and two breaches affecting covered entities and business associates based in California, Connecticut, Minnesota, Missouri, and Wisconsin. One breach was reported by entities based in Arkansas, Arizona, Colorado, Delaware, Indiana, Massachusetts, Maryland, North Carolina, New Mexico, Nevada, Tennessee, Utah, and Washington.

HIPAA Enforcement Activity in April

There were no financial penalties imposed on covered entities or business associates by state Attorneys General or the HHS’ Office for Civil Rights in April.

The post April 2020 Healthcare Data Breach Report appeared first on HIPAA Journal.

Zoom Reaches Settlement with NY Attorney General Over Privacy and Security Issues

Posted May 12, 2020 by HIPAA Journal

Zoom reached an agreement with the New York Attorney General’s office and has committed to implementing better privacy and security controls for its teleconferencing platform. New York Attorney General Letitia James launched an investigation into Zoom after researchers uncovered a number of privacy and security issues with the platform earlier this year.

Zoom has proven to be one of the most popular teleconferencing platforms during the COVID-19 pandemic. In March, more than 200 million individuals were participating in Zoom meetings with usership growing by 2,000% in the space of just three months. As the number of users grew and the platform started to be used more frequently by consumers and students, flaws in the platform started to emerge.

Meeting participants started reporting cases of uninvited people joining and disrupting private meetings. Several of these “Zoombombing” attacks saw participants racially abused and harassed on the basis of religion and gender. There were also several reported cases of uninvited individuals joining meetings and displaying pornographic images.

Then security researchers started uncovering privacy and security issues with the platform. Zoom stated on its website that Zoom meetings were protected with end-to-end encryption, but it was discovered that Zoom had used AES 128 bit encryption rather than AES 256 bit encryption and its end-to-end encryption claim was false. Zoom was also discovered to have issued encryption keys through data centers in China, even though meetings were taking place between users in the United States.

Zoom used Facebook’s SDK for iOS to allow users of the iOS mobile app to login through Facebook, which meant that Facebook was provided with technical data related to users’ devices each time they opened the Zoom app. While Zoom did state in its privacy policy that third-party tools may collect information about users, data was discovered to have been passed to Facebook even when users had not used the Facebook login with the app. There were also privacy issues associated with the LinkedIn Sales Navigator feature, which allowed meeting participants to view the LinkedIn profiles of other meeting participants, even when they had taken steps to remain anonymous by adopting pseudonyms. The Company Directory feature of the platform was found to violate the privacy of some users by leaking personal information to other users if they had the same email domain.

Zoom responded quickly to the privacy and security issues and corrected most within a few days of discovery. The firm also announced that it was halting all development work to concentrate on privacy and security. The company also enacted a CISO Council and Advisory Board to focus on privacy and security and Zoom recently announced that it has acquired the start-up firm Keybase, which will help to implement end-to-end encryption for Zoom meetings.

Under the terms off the settlement with the New York Attorney General’s office, Zoom has agreed to implement a comprehensive data security program to ensure its users are protected. The program will be overseen by Zoom’s head of security. The company has also agreed to conduct a comprehensive security risk assessment and code review and will fix all identified security issues with the platform. Privacy controls will also be implemented to protect free accounts, such as those used by schools.

Under the terms of the settlement, Zoom must continue to review privacy and security and implement further protections to give its users greater control over their privacy. Steps must also be taken to regulate abusive activity on the platform.

“This agreement puts protections in place so that Zoom users have control over their privacy and security, and so that workplaces, schools, religious institutions, and consumers don’t have to worry while participating in a video call,” said Attorney General James.

The post Zoom Reaches Settlement with NY Attorney General Over Privacy and Security Issues appeared first on HIPAA Journal.

Improving Communication with Patients During the COVID-19 Public Health Emergency

Posted April 16, 2020 by HIPAA Journal

With lockdown measures in place to prevent the spread of the 2019 Novel Coronavirus, health systems have expanded their telehealth services to provide care to patients at home. Rather than have patients travel to hospitals and healthcare clinics, clinicians can make diagnoses and provide treatment to patients remotely using text messaging platforms and videoconferencing applications.

The HHS’ Office for Civil Rights issued a Notice of Enforcement Discretion in March confirming financial penalties will not be imposed on healthcare providers in relation to the good faith provision of telehealth services. OCR explained that it is permissible to use everyday communications solutions for providing telehealth services during the COVID-19 public health emergency, even if those platforms are not fully HIPAA-complaint.

While penalties for noncompliance may not be imposed for using these platforms, OCR warned that these consumer-grade platforms may introduce privacy risks, which patients should be made aware of. To ensure patient privacy and the security of any ePHI collected or disclosed during telehealth visits, HIPAA-compliant platforms should be used.

“Covered health care providers that seek additional privacy protections for telehealth while using video communication products should provide such services through technology vendors that are HIPAA compliant and will enter into HIPAA business associate agreements (BAAs) in connection with the provision of their video communication products,” explained OCR in its Notice of Enforcement Discretion.

New Telehealth Features Added to Popular HIPAA-Compliant Communication Solution

The HIPAA-compliant healthcare communication and collaboration solution provider, TigerConnect, has announced new features have been added to its TigerTouch text messaging solution to support voice and video calls with patients during the COVID-19 nationwide public health emergency.

In contrast to many consumer-focussed apps, which are not HIPAA-compliant and introduce privacy risks, TigerTouch is a fully HIPAA-compliant healthcare communication solution. TigerTouch combines the usability of mobile-centric communication applications such as WhatsApp, with bulletproof security controls to ensure the privacy of patients is protected.

TigerTouch can be used by healthcare providers to directly engage with patients, no matter where they are located. Clinicians can use TigerTouch for 1-on-1 conversations with patients or group conversations at any point during a health event, from diagnosis to hospitalization to follow ups with patients after they have been discharged. The solution is ideal for conducting virtual visits with patients, allowing them to remain in the safety of their own homes.

“Patients today expect a fast and easy direct line of communication with their healthcare provider, yet it’s easier to text my pizza delivery guy than to text my doctor,” said TigerConnect co-founder and CEO Brad Brooks. “COVID-19 has driven home how important it is to get treatment anywhere remotely to protect both patients and doctors. By relying on a simple, much-beloved text platform, we designed TigerTouch to deliver a powerful telehealth solution at a fraction of the cost of more complicated solutions. This is a vital advance that enables health systems to deepen patient support right when they need it most.”

The TigerConnect platform has been adopted by more than 6,000 healthcare providers and more than 10 million messages are sent through the platform every day by healthcare providers such as Danville, PA-based Geisinger Health System. “At Geisinger, we’ve already seen the tremendous value of TigerConnect with improved communication across the entire health system, so bringing patients into these conversations is the next logical step that could greatly improve the quality of the care we provide,” said Dr. Jonathan Slotkin, Geisinger Health Systems’ Director of Spinal Surgery.

The post Improving Communication with Patients During the COVID-19 Public Health Emergency appeared first on HIPAA Journal.

Webinar Today: Communication Best Practices During a Pandemic

Posted March 18, 2020 by HIPAA Journal

During the 2019 Novel Coronavirus pandemic, instant, immediate, and enterprise-wide communication is essential for slowing the spread of the virus and ensuring service continuity.

Relatively little is known about the Novel Coronavirus and how it is spread. It is a fast-evolving situation and new information is regularly being released by researchers and public health authorities. That information and updates to policies and procedures need to be rapidly communicated across healthcare organizations. It is also important for healthcare professionals to monitor the condition of patients who are self-isolating at home after displaying symptoms of COVID-19.

The 2019 Novel Coronavirus pandemic is placing health systems under a great strain and fast, effective, and efficient internal and external communication is critical.

TigerConnect, the leading secure healthcare communication platform provider, is hosting a webinar where the company’s healthcare communication experts will share communication and collaboration best practices for organizational preparedness, effective response, and service continuity during the 2019 Novel Coronavirus pandemic, and other times of crisis.

During the webinar, TigerConnect will discuss best practices for workflow readiness, how to accelerate internal and external communication, effective broadcasting of important updates to staff and external partners, how patient diagnosis and isolation workflows can be expediated, the best way to prioritize alerts for critical patients, how to ensure staff safety, and the use of text messaging to monitor patients who are self-isolating at home.

The TigerConnect platform has been adopted by more than 6,000 healthcare organizations to collaborate and communicate effectively. One of those healthcare organizations, Singapore Health, is using the TigerConnect platform to improve enterprise-wide communication and coordinate its response to COVID-19 cases. Singapore Health has been commended for the efficiency and effectiveness of its response to the crisis. TigerConnect will be sharing information on the lessons learned to help U.S. healthcare providers deal with the COVID-19 crisis more effectively.

The webinar is being hosted by Dr. Will O’Connor, Chief Medical Information Officer, TigerConnect and Julie Grenuk, Nurse Executive, TigerConnect.

The webinar will consist of a live presentation followed by a Q&A session.

Webinar Details:

Date: Thursday, March 19^th, 2020
Time: 2 p.m. ET / 11 a.m. PT

Click here to register for the free webinar

The post Webinar Today: Communication Best Practices During a Pandemic appeared first on HIPAA Journal.

Telehealth Services Expanded and HIPAA Enforcement Relaxed During Coronavirus Public Health Emergency

Posted March 18, 2020 by HIPAA Journal

In an effort to prevent the spread of the 2019 novel coronavirus, patients suspected of being exposed to the virus and individuals with symptoms of COVID-19 have been told to self-isolate at home. It is essential for contact to be maintained with people at risk, especially seniors and people with disabilities.

Telehealth services, including video calls, can help healthcare professionals assess and treat patients remotely to reduce the risk of transmission of the coronavirus. Telehealth services can also be used to maintain contact with patients who choose not to visit medical facilities due to the risk of exposure to the virus.

On Monday, March 16, 2020, the Trump Administration announced that telehealth services for Medicare beneficiaries have been expanded. Prior to the announcement, doctors were only able to claim payment for telehealth services provided to people living in rural areas and no access to local medical facilities and for patients with established relationships with billing providers.

“We are doing a dramatic expansion of what’s known as telehealth for our 62 million Medicare beneficiaries, who are amongst the most vulnerable to the coronavirus,” explained Seema Verma, administrator of the Centers for Medicare and Medicaid Services (CMS). “Medicare beneficiaries across the nation—no matter where they live—will now be able to receive a wide-range of services via telehealth without ever having to leave home. These services can also be provided in a variety of settings, including nursing homes, hospital outpatient departments, and more.”

Effective March 6, 2020, Medicare will reimburse a wide range of healthcare providers for office and telehealth visits, including nurse practitioners, social workers, and clinical psychologists. Reimbursement will be at the same rate as face-to-face visits.

Relaxation of Enforcement of Noncompliance with HIPAA

Telehealth services are subject to HIPAA regulations. The technology used, such as smartphone and communications platforms, must comply with HIPAA rules and have safeguards in place to ensure the confidentiality, integrity, and availability of ePHI. During a public health emergency such as a disease outbreak the HIPAA Security Rule still applies. Healthcare professionals that provide telehealth services would, under normal circumstances, not be permitted to use certain video conferencing technology such as Facetime or Skype, as the services are not fully compliant with HIPAA.

The HHS’ Office for Civil Rights announced on March 17, 2020 that it is taking a more relaxed position on HIPAA enforcement of noncompliance with certain HIPAA provisions related to telehealth services. “OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency. This notification is effective immediately,” explained OCR in its Notification of Enforcement Discretion for telehealth.

OCR confirmed that during the coronavirus public health emergency, healthcare providers are permitted to use “any non-public facing remote communication product that is available to communicate with patients,” in connection with good faith provision of telehealth. That enforcement discretion also applies to telehealth services related to the diagnosis and treatment of health conditions unrelated to COVID-19. While enforcement has been relaxed, Verma said “it is still important for covered entities must continue to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures.”

While OCR does not endorse the use of certain products, it has been suggested that healthcare providers could use Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype. Public facing chat and communications platforms such as Facebook Live, Twitch, and TikTok would not be permitted for telehealth purposes.

OCR reminded covered entities that they can obtain greater privacy protections by using HIPAA-compliant video communications solutions and should obtain a signed business associate agreement. Provides of platforms that do sign BAAs and provide a HIPAA compliant service include TigerConnect, Skype for Business, Zoom for Healthcare, Updox and VSee.

“OCR will not impose penalties against covered health care providers for the lack of a BAA with video communication vendors or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency,” explained OCR in its notice. When the public health emergency ends, penalties would apply if a BAA is not in place and communications platforms are used that are not HIPAA compliant.

The post Telehealth Services Expanded and HIPAA Enforcement Relaxed During Coronavirus Public Health Emergency appeared first on HIPAA Journal.

TigerConnect Secure Communications Platform Offered to Hospitals Free of Charge During COVID-19 Pandemic

Posted March 16, 2020 by HIPAA Journal

TigerConnect, the provider of the most widely used secure healthcare communications platform in the United States, has announced that U.S. health systems and hospitals can use its platform free of charge to help support COVID-19 related communications during the novel coronavirus pandemic.

TigerConnect has been tracking COVID-19 and the impact it is having on the U.S. healthcare system. Unsurprisingly given the rapid spread of the virus, use of its secure communications platform has surged. The company also reports that it is receiving an increasing number of calls from customers looking to expand licenses to make sure all staff have access to the platform to expedite internal and external communication and support isolation workflows.

The TigerConnect platform can be used to create dedicated channels for COVID-19 communications to provide support for patients and staff members. The platform ensures instant and immediate communication of preparedness plans, staff schedules, guidelines on infection control and isolation protocols, and other critical information. Users of the platform can contact any person within a healthcare system instantly, without knowing their number or extension.

“As part of the healthcare community, we harbor a sense of duty to do everything we can to keep the flow of information moving as quickly as possible,” explained TigerConnect. “This is the time to remove any barriers that might keep organizations from having every tool they need to fight COVID-19.”

Hospitals and health systems that have not yet adopted the TigerConnect platform are being offered complimentary use of the TigerConnect secure texting network for up to 6 months to support COVID-19 communications. Existing customers will be provided with complimentary expansion of TigerText Essentials licenses for up to 6 months. TigerConnect has also announced that it will be extending support hours and publishing resources and conducting webinars to help current and new users of the platform optimize communications.

As has been seen in Europe, which is now the epicenter of the COVID-19 pandemic, hospitals and health systems are stretched and struggling to cope with the number of cases. Immediate, enterprise-wide communication is critical for preventing the spread of the disease.

In Singapore, stringent measures have been implemented to prevent the spread of the novel coronavirus. As of March 14, there have been 200 cases of COVID-19 in Singapore but no COVID-19 deaths. Coordinating the response to COVID-19 and ensuring resources are correctly allocated has been a major challenge, but one that has been helped by having an efficient communications system in place. 55,000 healthcare professionals in Singapore are using the TigerConnect platform and usage has increased fivefold in the past three weeks. Being prepared and having the systems in place to deal with outbreaks of disease that support fast and efficient communication has been invaluable.

“It is clear that identifying new cases quickly and sharing that information among key stakeholders is crucial to containment and treatment,” explained TigerConnect co-founder and CEO, Brad Brooks. “Our mission is to help organizations remove the barriers that might slow down those responses as we continue to partner with the organizations on the front lines of this crisis.”

The post TigerConnect Secure Communications Platform Offered to Hospitals Free of Charge During COVID-19 Pandemic appeared first on HIPAA Journal.

Daily HIPAA News, HIPAA RSS Feeds, HIPAA Information