Handling Protected Health Information With Care: Staying Compliant in the Age of Telehealth
Healthcare providers who are using telehealth in cases of good faith can now deliver care from anywhere, thanks to the COVID-19 Health and Human Services (HHS) Office for Civil Rights (OCR) waiver of potential HIPAA penalties. However, organizations handling protected health information (PHI) must still remain vigilant. The urgency to manage COVID-19 has created an environment where organizations are moving very quickly, making it very challenging for their personnel who are handling PHI on a daily basis to remain compliant.
Many organizations are not aware of HIPAA’s far-reaching regulatory arm. Any organization that manages, transmits, or comes in contact with PHI is subject to its rules. As this data is shared, it is at risk of being saved in unsecure locations, such as instant messaging during video conferencing, cloud drives, or even in clipboards.
Small to mid-size companies who have been collecting PHI with the best intentions have been caught off guard and are at risk of HIPAA violations. Ensuring compliance always begins with the data, so it is critical that your clients understand the scope of risk, as it pertains to where all their PHI data is located and who has access to it.
Whether it be assisting with data discovery, data mapping, or providing HIPAA consulting services, our compliance team is ready to help. For more information, please reach out to reach out to Suzanne Miller at smiller@citrincooperman.com or Kevin Ricci at kricci@citrincooperman.com.
Related Insights
All InsightsOur specialists are here to help.
Get in touch with a specialist in your industry today.