Privacy and Security Information and FAQs

Visit the General FAQs for other commonly asked telehealth questions.

Email Lee Emeni at [email protected] to add a question.

Telehealth Platform Guidance

During the national public health emergency, patients can use popular, third party technology platforms, such as Google Hangouts, Skype, and Zoom, to engage with their providers.
eHealthDC supports the use of HIPAA-compliant technology with business associate agreements (BAAs) established to protect PHI and conduct telehealth visits in a secure manner.
If a provider uses a third party technology platform allowed by OCR during the public health emergency, eHealthDC recommends informing patients that consumer technologies such as Google Hangouts, Zoom, and Skype may involve unsecure transmission.

Telehealth Platforms Allowed During National Emergency

On March 17, the US Department of Health and Human Services’ Office of Civil Rights (OCR) acted to accelerate telehealth by relaxing regulation related to the use of technology.

Health care providers may use popular non-public facing applications for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules related to the good faith provision of telehealth during the COVID-19 nationwide public health emergency.
Covered health care providers that seek additional privacy protections for telehealth while using video communication products should provide such services through technology vendors that are HIPAA compliant and will enter into HIPAA business associate agreements (BAAs) in connection with the provision of their video communication products.

FAQs on Privacy and Security

What platforms can I use to conduct telehealth visits in the District?

The relaxed OCR regulations, which allow the use of popular, non-HIPAA compliant technologies such as Apple FaceTime, Facebook Messenger, Google Hangouts, and Skype to conduct telehealth visits, apply to providers and patients in the District of Columbia. These changes apply only to visits conducted as early as March 6, 2020, will apply for the duration of the public health emergency, and will end 60 days after the mayor declares an end to the public health emergency.

On March 25, 2020, DHCF released a DC Medicaid Telemedicine Guide that cautioned providers about non-HIPAA compliant applications, reviewed available third party products, and compared the costs, features, and implementation for four products.

March 19, 2020 Transmittal #20-08 from Melissa Byrd, Senior Deputy Director/State Medicaid Director

DC Medicaid Telemedicine Guide

Do I need to update my policies and procedures? What kind of policies should I have in place?

The extent to which policies and procedures need to be modified depends on whether providers are already using telemedicine technologies in their current practices. eHealthDC recommends checking with your compliance staff and/or legal counsel to determine the additional policies and procedures that may be appropriate.

What kind of privacy and security practices should I tell providers working from home to follow?

Test the quality of the internet connection, if possible, to ensure the visit can be conducted from their particular device (phone/tablet/computer).

Verify the VPN connection to the clinic network and/or use secure wireless (this means having a level of encryption and a password on your network).

Keep up-to-date anti-malware and anti-virus software on a dedicated business or practice laptop to avoid interception; use home computers as a last resort. If a home computer is used, no PHI should be saved to the local hard drive.

Use a private location to conduct telemedicine visits, without distraction from family or pets.

Additional Telehealth Resources

Guidance on Telehealth Visits in the District

Resources for Allscripts and eClinicalWorks Users

The information and guidance on this site applies to the national public health emergency due to COVID-19.