|
U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office for Civil Rights
|
_________________________________________________
October 18, 2023
HHS Office for Civil Rights Issues Resources for Health Care Providers and Patients to Help Educate Patients about Telehealth and the Privacy and Security of Protected Health Information
Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), issued two resource documents to help explain to patients the privacy and security risks to their protected health information (PHI) when using telehealth services and ways to reduce these risks.
The first resource is for health care providers on “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth.” Although health care providers are not required by the HIPAA Rules to provide this education, the resource supports the continued and increased use of telehealth by providing information to help health care providers who choose to discuss telehealth privacy and security with patients. The resource provides suggestions for discussing:
- Telehealth options offered
- Risks to PHI when using remote communications technologies
- Privacy and security practices of remote communication technology vendors
- Applicability of civil rights laws
OCR also issued a resource for patients called “Telehealth Privacy and Security Tips for Patients.” This resource provides recommendations that patients can implement to protect and secure their health information such as:
- Conduct telehealth appointment in a private location
- Turn on multi-factor authentication if available
- Use encryption when available
- Avoid public Wi-Fi networks
“Telehealth is a wonderful tool that can increase patients’ access to health care and improve health care outcomes,” said OCR Director Melanie Fontes Rainer. “Health care providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices so patients are confident that their health information remains private.”
The Guidance on Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth may be found at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/telehealth-privacy-security/index.html.
The Guidance on Telehealth Privacy and Security Tips for Patients may be found at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/resource-health-care-providers-educating-patients/index.html.
OCR is committed to enforcing the HIPAA Rules that protect the privacy and security of peoples’ health information. Guidance about the Privacy Rule, Security Rule, and Breach Notification Rules can also be found on OCR’s website. If you believe that your or another person’s health information privacy or civil rights have been violated, you can file a complaint with OCR at https://www.hhs.gov/ocr/complaints/index.html.
