Promote telemedicine adoption by educating patients on privacy and security

Revenue Cycle Management
Written By edgeMED Healthcare

Protecting patient information during a telehealth visit is a team effort. Healthcare providers take proactive measures to promote HIPAA privacy and security, but patients must also do the same. The difference is that healthcare providers are well-versed in how to do this. They live and breathe HIPAA every day. Patients? Not so much.

For example, patients may not think twice about connecting to public Wi-Fi when accessing telehealth services or using a laptop with outdated anti-virus software during a telehealth encounter. However, these seemingly benign choices can be catastrophic, resulting in medical or financial identity theft, embarrassment, bias and discrimination, and other problems for the patient’s finances or reputation.

Educating patients about telehealth privacy and security
That’s where patient education can help. Although healthcare providers aren’t required to educate patients on telehealth privacy and security, there is a definite benefit of doing so: Increased telehealth adoption among patients who feel empowered to protect themselves.

Fifty-two percent of telehealth providers say patients have refused to engage in telehealth services because they did not trust the technology to protect their healthcare data security and privacy. Giving patients strategies to protect information themselves can help them feel more comfortable venturing into this new age of virtual services.

Another benefit? “Ensuring the privacy and security of PHI can help promote more effective communication between the provider and patient, which is important for quality care,” says OCR.

Providing tips and strategies for telehealth privacy and security
Want to provide more patient education around telehealth privacy and security, but not sure where to begin? Fortunately, the federal government recently announced a National Cybersecurity Strategy to advance cyber resiliency in the healthcare sector. Goals include:

  • Establish voluntary cybersecurity performance goals for the healthcare sector.

  • Provide resources to incentivize and implement these cybersecurity practices.

  • Implement an HHS-wide strategy to support greater enforcement and accountability.

  • Expand and mature the one-stop shop within HHS for healthcare sector cybersecurity.

As part of that strategy, HHS Office for Civil Rights (OCR) recently published two educational resources that medical practices can use as a foundation for their patient education strategy.

  1. Pick a private location for the telehealth visit. Encourage patients to pick a private room with a door away from others. However, keep in mind that privacy may be a challenge for certain vulnerable populations, and it could require creative solutions. Education and support in the use of headphones, for example, presents an opportunity to provide patients with the means to control their privacy.

  2. Be aware of scams. Help patients be on the lookout for suspicious calls or emails about their telehealth visit and when in doubt, encourage them to contact their medical practice directly with any questions or concerns.

  3. Be aware of what’s in the background. Even when patients are in a private location, they could unknowingly disclose personal information. Virtual backgrounds may be the best option for telehealth visits.

  4. Keep computers and mobile devices patched and updated. Encourage patients to enable options to check for and install security updates automatically.

  5. Avoid using public Wi-Fi networks. Encourage patients to use private networks when exchanging sensitive health information with healthcare providers during a telehealth visit.

  6. Turn off nearby devices that could capture conversations. Examples include home security cameras, voice assistants, or other devices.

While you’re at it, add patient education to your telehealth audit checklist. Do patients understand the importance of telehealth privacy and security, and what do you do to empower them to make good choices?

Conveying the importance of secure telehealth
Medical practices can leverage the patient portal to provide this important information. They can also post information on the medical practice website (here’s a good example of how to do that), use signage in the waiting area and exam rooms, or provide educational pamphlets and flyers. When medical assistants call patients to update insurance and demographic information immediately before the telehealth appointment, staff can also provide quick reminders about how to promote HIPAA privacy and security.

There are many ways to do it—the point is, just do it. Also consider sharing resources with each patient’s personal representative or family member who is assisting the patient in receiving telehealth. Patients and their families will thank you and appreciate that you have their best interest in mind.

Conclusion
Partnering with a reputable telehealth provider is paramount. Look for a telehealth vendor that takes proactive steps to protect patient data, including maintaining SOC 2, Type 2 certification. This certification demonstrates adherence to high security, availability, processing integrity, confidentiality, and privacy standards. Learn how edgeMED can help and be sure to check the Healthy Snacks blog for more expert insights, best practices and industry trends.

edgeMED Healthcare

The authority in revenue cycle management for over 40 years

https://www.edgeMED.com
Previous

Setting your medical practice up for financial success in the New Year
Next

How revenue cycle management works: Key components, strategies for medical practices