By Suze Shaffer
July 15, 2020
The Office for Civil Rights (OCR) back in March relaxed its enforcement for non-compliance with regard to telemedicine. It permitted the use of audio/video communication applications such as FaceTime, Google Hangouts, Zoom, and Skype without risk that a provider could be issued a penalty for non-compliance. Providers were encouraged to inform their patients of potential privacy risks and do their best to enable encryption and whatever other means they had available to secure the data.
Even though some states are experiencing a surge in COVID cases, medical providers are expected to seek HIPAA-qualified products and obtain a business associate agreement. Telehealth providers should now have an agreement ready that will include state law provisions and data security information. Medical providers should read this agreement carefully to ensure that data security is outlined and that it meets their state law breach notification guidelines. Ideally, it would be best for the vendor to sign YOUR business associate agreement if you have one that has outlined security requirements.
If a medical provider does not obtain a signed business associate agreement from a vendor, the medical provider should stop using the vendor. Just because a vendor doesn’t sign a BAA does NOT release them from liability. It just means the liability falls on the medical provider for not obtaining the signed document. Furthermore, the medical provider may receive fines for non-compliance should the business associate suffer a data breach or security incident. These documents are extremely important!
Many thanks to all our healthcare workers for staying strong throughout these trying times.
If you would like more information or need a business associate agreement, contact us at 877.659.2467 or complete the contact us form.
“Simplifying HIPAA through Partnership, Education, and Support”