On May 11, 2023, the Public Health Emergency (PHE) will come to an end. This will have a direct impact on telehealth. That’s why we’ve compiled some of the key changes into a quick, three-part checklist.
Keep in mind that your local regulations may be different than what’s listed here. It’s always recommended that you know your local laws.
Before we jump into the checklist, let’s get some context on the PHE.
What is the PHE and how has it affected telehealth providers?
The PHE, or Public Health Emergency, was put into place during the COVID-19 pandemic. It temporarily suspended some rules and regulations while the healthcare system was overwhelmed.
Enacting the PHE gave providers freedom to better address the needs of patients. This included giving providers the ability to quickly use telehealth in place of in-person visits.
Many providers have continued to use telehealth. Once the PHE is over, these providers will need to understand how HIPAA and other regulations will affect their practice.
End of PHE telehealth checklist
Now that we understand what the PHE is, let’s look at some telehealth best practices you can begin to implement now. As always, check local regulations for specifics on how these apply to your practice.
Use HIPAA-compliant telehealth software
Public-facing platforms like WhatsApp, Facebook Messenger, and FaceTime will no longer be options for telehealth calls. Instead, look for video calling software created specifically for healthcare. Here are a few things that make a telehealth platform HIPAA-compliant:
- It uses encryption to transfer Protected Health Information (PHI)
- It has a Business Associate Agreement (BAA)
Collect patient consent digitally
Not everyone owns a printer (and even if they do, there’s always a chance it’s out of ink or not working). So, unlike an in-person visit, it’s important to have a digital way to collect patient consent. This can include using software like DocuSign, but again, a BAA with DocuSign would be needed. If you don’t want to pay for software like DocuSign, look for a telehealth platform with built-in consent forms.
Learn more about consent requirements in your state.
Don’t share login information
Sharing login information is never a great idea, but when it comes to protecting PHI, it’s even more important. Give each user their own login information, and remind them to keep this information private. If you have a lot of employees that need access to telehealth software, look for group discounts.
Giving each employee their own telehealth account can have other benefits, like being able to designate different roles (like administrator, provider, etc.). These roles can add an extra layer of security since only certain information is available to different accounts. Some telehealth platforms also let you track information like call time for each account.
Additional security measures like single sign-on and two-factor authentication can improve security, but they are not necessary for HIPAA compliance.
When is the PHE expected to end and how might this impact telehealth services?
The PHE will come to an end on May 11, 2023. However, there will be extensions (some lasting until the end of 2024) for certain services and situations.
For more information on telehealth policies and best practices, visit telehealth.hhs.gov.
Doxy.me is a HIPAA-compliant platform
Doxy.me was created specifically for healthcare professionals and is HIPAA compliant. Learn more about doxy.me’s security, privacy policy, and how we follow HIPAA regulations, including third-party verification of HIPAA compliance. Rest assured that we’ve gone the extra mile to ensure your patients’ information is secure.
Looking for a HIPAA-compliant telehealth solution? Sign up for a doxy.me account.