The pandemic threw healthcare into unknown territory in 2020. To accommodate patients and continue to provide treatment, providers early on during the COVID-19 health crisis had to quickly turn to new technologies such as telemedicine to provide care virtually. As practices return to normal, it is imperative they be mindful of possible security issues related to the devices they used to enable patients to receive care remotely.
“We are trying to remind people that they may have distributed iPads or laptops or cell phones that need to be managed,” said Laura Hoffman, assistant director of federal affairs for the American Medical Association (AUA). To assist in that effort, the AMA has released IT considerations for medical practices and hospitals.
Practices should consider that devices used outside of the office might not have been updated with software security patches or distributed laptops without encryption capabilities, Hoffman noted. As their in-person caseloads rebound, practices that gave healthcare providers expanded access to protected health information (PHI) during the pandemic should return to normal PHI access controls.
Hoffman urged practices to enter into a business associate agreement (BAA) with vendors who provide telehealth platforms, if such an agreement is not already in place. Some major vendors historically have not signed BAAs, but they might be more amenable to doing so now to keep the market share they gained during the pandemic.
“I will be interested to see how that plays out when the public health emergency ends,” Hoffman said. “But if they [vendors] are not willing to sign a BAA, barring regulatory changes, providers will need to find a new platform because they have a responsibility to protect patient information under HIPAA.”
In the meantime, practices need to take every security feature a telehealth vendor’s platform offers, including end-to-end encryption, Hoffman said.
This article originally appeared on Renal and Urology News