fbpx
28
Jul
2020

Therapists, Telehealth, and HIPAA Email

By Stephen Trout
Therapyhipaavault

Your patients value your counsel, and are willing to share with you their deepest, personal struggles. As a therapist, you handle that information as a sacred trust. Unfortunately, that trust may be broken – however unintended – through an unwise use of technology.  

No doubt, technology allows for flexibility in the way you share and store protected health information; you harness the tools that best fit the needs of your practice. 

In addition, HIPAA privacy regulations – while calling for the application of appropriate protections for both you and your clients – weren’t intended to endorse specific technical solutions. The reason is clear: technologies are subject to flux, and the changes are often rapid.

In our present context, where life and ways of operating have changed significantly since COVID-19, one means of communication you’ve probably already transitioned to (or increased your use of) as a way of safely continuing to see clients, is telehealth services. Some EHR solutions already support this technology, with built-in, secure telehealth software integrated into their dashboards.  

Telehealth Limitations

While we can be grateful that such technology makes therapy sessions possible – aided by the reality of a smartphone or computer in almost every home – certainly telehealth hasn’t been without its practical and therapeutic limitations. 

“It is harder for some folks to be in a private setting, or feel like they can get to a space where they won’t be overheard, so they sometimes won’t talk about topics that they would otherwise discuss freely with me in my office setting,” says Sarah Harrier, founder of Blue Lotus Therapy Services, LLC. In addition, “technical difficulties such as a freezing video screen or inadequate audio can also be a setback to effective meetings.”

During sessions, telehealth technology may also increase the potential to miss important “visual, non-verbal cues, like a bouncing foot or someone wringing their hands with anxiety,” Sarah notes. These in-the-moment cues can sometimes alter the course of the session, providing “an opportunity to address coping strategies, right then and there.”  

So will she continue to use it? “Face-to-face meetings are generally more beneficial due to avoiding the barriers listed above, but it does make for a great solution if someone would otherwise miss their appointment (i.e. traffic, has a fever but still wants to meet, etc). I will probably still use telehealth as an option for some clients. I live and work in Michigan and it’s my understanding that our Governor just put into place the need for insurance companies here to allow telehealth indefinitely. This will make telehealth services a viable and preferred option for many clients across the State.”

Telehealth’s rapid expansion – in part due to COVID-19 – means there are more telehealth options than ever to choose from – either as part of an EHR solution or as stand-alone software. HIPAA Vault is proud to play a supporting role in telehealth efforts, providing secure, cost-effective, and compliant hosting with a highly scalable infrastructure to assist the growth of your practice moving forward.    

What about Secure Email?      

Another communication technology you’ve probably relied on – long before the COVID-19 pandemic – is email. A convenient means of sending and receiving sensitive patient data, email can be HIPAA compliant – as long as the proper protections in place. Proactive therapists like Sarah understand that an indispensable technology for this is encryption – a service integrated into all HIPAA Vault solutions. 

For those who are unaware, encryption is the process of “disguising” email content to make it unreadable, not only in transit, but all the way to the recipient’s inbox. Once received, the recipient can open and decrypt the email to make it readable only for the intended parties. 

Private communications with email depend on an encrypted network connection to make them secure, which encrypts the message itself before it leaves the sender’s inbox. Should the email be intercepted by an unauthorized user or hacker who gains access to password-protected accounts, the contents will be unreadable. 

Gmail and Office 365

Popular offerings that need to be configured for HIPAA compliance include Gmail and Office 365 by Microsoft. If your organization utilizes G Suite (Google Apps), then Google is willing to sign a Business Associate Agreement (BAA) with you as the covered entity. Required by HIPAA, this contract stipulates that Google will use the appropriate safeguards to protect PHI. A third-party vendor like HIPAA Vault is still required to ensure the encryption of the email from inbox to inbox (see our HIPAA compliant Gmail solution).

Once set up, Gmail can also be used for PHI on a mobile device, though again, special care must be taken to prevent unauthorized access. Google offers a two-factor authentication app for added security, requiring a password and an additional code or physical token that only the user has access to.

Microsoft’s Office 365 is another popular suite of tools that offers email, chat, and more to business users. (Additional versions of Office 365 are available for the US Government as well). Like Gmail, Microsoft Office 365 requires a third-party to configure encryption for inbox to inbox transmission, and users must sign a BAA. Office 365 is also easily used on a smartphone or tablet, and offers the two-factor authentication app for added security.

HIPAA Vault meets the need for a cost-effective, fully secure solution for  HIPAA Compliant email with advanced encryption technology that can integrate seamlessly with existing email infrastructure – including Gmail and Office 365. Transport Layer Security (TLS) allows users to securely transmit PHI through a secure network, harnessing advanced Data loss prevention capabilities to maintain HIPAA compliance, and prevent your sensitive data from falling into the wrong hands.

Summary: Secure Solutions, Strong Support

Despite its potential drawbacks, telehealth services are clearly on the rise. Many clients seeking therapy simply find the convenience appealing; on a global scale, the technology is already reaching into remote places that might otherwise be prevented from receiving care. Certainly, we can also be grateful for telehealth’s continuing role in helping to “flatten the curve” of COVID-19.  

Yet while HIPAA privacy regulations call for secure solutions – whether for telehealth or email – the changing nature of technology also includes ever-evolving attack vectors from those who wish to compromise sensitive health data. With a range of communication technologies at your disposal, such as compliant WordPress websites with secure portals, secure faxing and forms, and cloud-based file management tools like HIPAA Drive, it helps to have a strong technical support team with the latest security expertise behind you. 

HIPAA Vault’s 24/7 managed security services – standard with all our solutions – means that we’re on the job for you, in support of any technical questions and needs that may arise.  Questions about how you can secure your communications for HIPAA Compliance, and receive world-class support at the same time? Give us a call (760-290-3460), or chat with us online at www.hipaavault.com

HIPAA Vault is a leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition to providing secure infrastructure for telehealth companies, HIPAA Vault provides secure email, HIPAA compliant WordPress, and secure file sharing solutions. 

 

Our certifications