AMA Seeks More Time for HIPAA Compliance for Telehealth Users
The American Medical Association (AMA) is asking the federal government to give physicians who quickly pivoted to include telehealth in their practice ample time to meet the HIPAA requirements before audits and other enforcement measures begin in earnest.
In a letter to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the AMA asked HHS to establish a one-year glide path to compliance. This year would give providers the time to work with their vendors on business associate agreements and initiate and implement security risk analysis of the new telemedicine platform of their choosing. The letter also asks the OCR to call on telemedicine vendors to help clinicians become compliant and to create guidance documents that specifically speak to telemedicine platforms on what is required for the technology to be HIPAA compliant.
Back when COVID first took hold, the OCR realized physicians needed to quickly adopt telemedicine technologies so they could continue to provide care for patients safely and in a way that was accessible. To make this happen, the OCR announced a policy of enforcement discretion during the public health emergency for HIPAA violations related to telehealth remote communications. It applies to physicians and hospitals who, in good faith, use telemedicine platforms and applications to connect with their patients. This policy kept healthcare up and running when businesses across the economy were hit hard.
The AMA also advised physicians to enable all privacy and security features within the platforms they selected, as well as offered guidance to protect a remote work environment against increased cyber threats that sought to exploit telework technologies.
Where does your healthcare organization stand with HIPAA? Whether you’re a traditional or telehealth provider, it’s time to review your cybersecurity stance and test your penetration perimeter. Let 2W Tech help. We have a robust Cybersecurity Compliance Program that can identify any gaps in your regulatory requirements. Contact us today to learn more.