Therapists, Telehealth, and HIPAA Email
Your patients value your counsel, and are willing to share with you their deepest, personal struggles. As a therapist, you handle that information as a sacred trust. Unfortunately that trust may be broken — however unintended — through an unwise use of technology.
No doubt, technology allows for flexibility in the way you share and store protected health information; you harness the tools that best fit the needs of your practice. In addition, HIPAA privacy regulations — while calling for the application of appropriate protections for both you and your clients — weren’t intended to endorse specific technical solutions. The reason is clear: technologies are subject to flux, and the changes are rapid.
In our present context, where life and ways of operating have changed significantly since Covid-19, one means of communication you’ve probably already transitioned to (or increased your use of) as a way of safely continuing to see clients, is telehealth services. Some EHR solutions already support this technology, with built in, secure telehealth software integrated in their dashboards.
Telehealth Limitations
While we can be grateful that such technology makes therapy sessions possible — aided by the reality of a smartphone or computer in almost every home — certainly telehealth hasn’t been without its practical and therapeutic limitations.
“It is harder for some folks to be in a private setting, or feel like they can get to a space where they won’t be overheard, so they sometimes won’t talk about topics that they would otherwise discuss freely with me in my office setting,” says Sarah Harrier, founder of Blue Lotus Therapy Services, LLC. In addition, “technical difficulties such as a freezing video screen or inadequate audio can also be a setback to effective meetings.”
During sessions, telehealth technology may also limit the potential to miss important “visual, non-verbal cues, like a bouncing foot or someone wringing their hands with anxiety,” Sarah notes. These in-the-moment cues can sometimes alter the course of the session, providing “an opportunity to address coping strategies, right then and there.”
So will she continue to use it? “Face-to-face meetings are generally more beneficial due to avoiding the barriers listed above, but it does make for a great solution if someone would otherwise miss their appointment (i.e. traffic, has a fever but still wants to meet, etc). I will probably still use telehealth as an option for some clients. I live and work in Michigan and it’s my understanding that our Governor just put into place the need for insurance companies here to allow telehealth indefinitely. This will make telehealth services a viable and preferred option for many clients across the State.”
Telehealth’s rapid expansion — in part due to Covid-19 — means there are more telehealth options than ever to choose from — either as part of an EHR solution, or as stand-alone software. HIPAA Vault is proud to play a supporting role for telehealth efforts, providing secure, cost-effective and compliant hosting with a highly scalable infrastructure to assist the growth of your practice moving forward.
What about Secure Email?
Another communication technology you’ve probably relied on — long before the Covid pandemic — is email. A convenient means of sending and receiving sensitive patient data, email can be HIPAA compliant — as long as the proper protections in place. Proactive therapists like Sarah
understand that an indispensable technology for this is encryption — a service integrated into all HIPAA Vault solutions.
For those who are unaware, encryption is the process of “disguising” email content to make it unreadable, not only in transit, but all the way to the recipients inbox. Once received, the recipient can open and decrypt the email to make it readable only for the intended parties.
Private communications with email depend on an encrypted network connection to make them secure, which encrypts the message itself before it leaves the sender’s inbox. Should the email be intercepted by an unauthorized user or hacker who gains access to password protected accounts, the contents will be unreadable.
GMail and Office 365
Popular offerings that need to be configured for HIPAA compliance include Gmail and Office 365 by Microsoft. If your organization utilizes G Suite (Google Apps), then Google is willing to sign a Business Associate Agreement (BAA) with you as the covered entity. Required by HIPAA, this contract stipulates that Google will use the appropriate safeguards to protect PHI. A third-party vendor like HIPAA Vault is still required to ensure the encryption of the email from inbox to inbox (see our HIPAA compliant Gmail solution).
Once set up, Gmail can also be used for PHI on a mobile device, though again, special care must be taken to prevent unauthorized access. Google offers a two-factor authentication app for added security, requiring a password and an additional code or physical token that only the user has access to.
Microsoft’s Office 365 is another popular suite of tools that offers email, chat, and more to business users. (Additional versions of Office 365 are
available for the US Government as well). Like Gmail, Microsoft Office 365 requires a third-party to configure encryption for inbox to inbox transmission, and users must sign a BAA. Office 365 is also easily used on a smartphone or tablet, and offers the two-factor authentication app for added security.
HIPAA Vault meets the need for a cost effective, fully secure solution for HIPAA Compliant email with advanced encryption technology that can integrate seamlessly with existing email infrastructure — including Gmail and Office 365. Transport Layer Security (TLS) allows users to securely transmit PHI through a secure network, harnessing advanced Data loss prevention capabilities to maintain HIPAA compliance, and prevent your sensitive data from falling into the wrong hands.
Summary: Secure Solutions, Strong Support
Despite its potential drawbacks, telehealth services are clearly on the rise. Many clients seeking therapy simply find the convenience appealing; on a global scale, the technology is already reaching into remote places that might otherwise be prevented from receiving care. Certainly, we can also be grateful for telehealth’s continuing role in helping to “flatten the curve” of Covid-19.
Yet while HIPAA privacy regulations call for secure solutions — whether for telehealth or email — the changing nature of technology also includes ever-evolving attack vectors from those who wish to compromise sensitive health data. With a range of communication technologies at your disposal, such as compliant WordPress websites with secure portals, secure faxing and forms, and cloud-based file management tools like HIPAA Drive, it helps to have a strong technical support team with the latest security expertise behind you.
HIPAA Vault’s 24/7 managed security services — standard with all our solutions — means that we’re on the job for you, in support of any technical questions and needs that may arise. Questions about how you can secure your communications for HIPAA Compliance, and receive world-class support at the same time? Give us a call (760–290–3460), or chat with us online at www.hipaavault.com.
HIPAA Vault is a leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition to providing secure infrastructure for telehealth companies, HIPAA Vault provides secure email, HIPAA compliant WordPress, and secure file sharing solutions.
