As with all other forms of technology used in the sphere of healthcare, telemedicine also needs to ensure compliance with HIPAA, for the purpose of protecting the privacy of patients. Apps such as Skype might provide a platform which doctors can use to provide virtual sessions to patients, but employing the app for this purpose is not an HIPAA-compliant practice. Any form of technology employed for the purpose of telemedicine must provide fool-proof security and guarantee the safety and privacy of patients’ personal information.
A number of states in America have laws of this sort, which make it mandatory for parties such as developers of telehealth apps to ensure their compliance with various rules for security and privacy, regardless of whether or not their company is subject to HIPAA.
Some laws in California decree that apps must have the “do not track” feature. Florida completely revamped its law for reporting data security breaches the previous year and passed a law this summer which requires that detailed contact information is made available on websites and digital services online.
It is vital for present health apps, telehealth apps, and developers of consumer-targeted tools for health to take these laws into account. States are working on extending the scope of laws for ensuring privacy and security, and developers of health apps need to comprehend these laws and adhere to them.
However, as pointed out by the National Policy Telehealth Resource Center, “Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is more complex than simply using products that claim to be ‘HIPAA-compliant.” It is not enough for the platform being used for telemedicine services to be compliant – the patients, providers, and staff members utilizing the tool also need to make sure that they are HIPAA-compliant.
For example, in addition to creating a product that guarantees security, telemedicine software designers will also need to make sure that their companies are in compliance with HIPAA.
Compliance with HIPAA involves a structured set of safe practices which include stringent documentation and monitoring, between parties whose privacy is ensured.
Products in themselves cannot guarantee compliance – however, certain products might have components which permit users to employ them in a way that is in accordance with the HIPAA.