With COVID-19 sweeping across the world without any signs of containment or abatement; health care providers are under greater pressure than they have been since the second world war. Your primary aim has to be to ensure that no one is left out as that would leave the novel coronavirus unchecked. Except for those providers who are based in the large cities, most doctors, facilities, laboratories, and clinics need to cater to a vast rural population, many of whom might live in mountainous areas not served by health care facilities close by. While communicating with them is vital; you also need to remain compliant with the security and privacy provisos of HIPAA
Heed This Directive from the OCR
The Office for Civil Rights (OCR) of the U.S Department of Health and Human Services (HHS) issued a press release on March 17, 2020 in which it recognized the HIPAA challenges involved in ensuring that every patient receives health care service during the COVID-19 pandemic. Therefore, it has declared that, “it will exercise its enforcement discretion, and will waive potential penalties for HIPAA violations against health care providers that serve patients through everyday communications technologies during the COVID-19 nationwide public health emergency”.
What Does It Mean for You?
The implication is clear that if you need to communicate with any patient using modern communication technology like Skype, G-Talk, or Face Time to diagnose and treat patients; then the OCR would overlook potential HIPAA violations when reaching out to your patients. As long as you use telehealth services responsibly, even remote video calling to treat patients living in geographically remote areas will be excepted by the OCR. More guidance is expected to be issued by the OCR and CMS as the crisis deepens.
Serve patients wherever they are: “We are especially concerned about reaching those most at risk, including older persons and persons with disabilities,” Roger Severino, OCR Director was quoted as saying in the press release. He added, “We are empowering medical providers to serve patients wherever they are during this national public health emergency.”
Extensive Data Sharing on the Cards
As a health care provider, you will find that you must share patient data quite extensively with other providers for epidemiologic mapping, especially if there have been any breakthroughs in treatment, or where some line of treatment has created unforeseen complications. For example, doctors are finding that, as in the SARS epidemic at the beginning of the century, using ibuprofen for symptomatic relief in COVID-19 patients is proving counterproductive. You will also need to submit data to the government to aid the treatment and containment of the spread of the novel coronavirus.
What Your IT Department Can Do
Since providers will need to do a great deal of telehealth conferencing, your IT department would do well to ensure secure internet connection by using a secure VPN on all your devices like laptop, smartphone, tab, and even electronic camera. Never conduct any communications using an unsecured wi-fi anywhere. Your IT department must be vigilant about preventing, tracking, and mitigating any data breach. Lowering your cybersecurity guard to deal with special situations like a pandemic can be potentially disastrous. Remember, every emergency is a gold mine for cybercriminals and the dark web.
Be Wary of Unexpected Or Suspicious Communications
Watch out for phishing emails purporting to come from the HHS, and World Health Organization (WHO) giving you the latest updates and advisories on COVID-19, which require you to click on a link. These install remote access Trojans disguised as files or documents to steal your data and perpetuate ransomware. Obviously, your patients’ welfare will be the top priority, but try to remain as compliant as possible even during this emergency to protect your patients and your organization.
