The COVID-19 pandemic has posed and will continue to pose new and unique challenges to protecting patient privacy.
Consider the following scenarios:
- A healthcare provider adopted telemedicine years ago and has rules and safeguards for HIPAA compliance in the provider’s office. But will the provider remain HIPAA-compliant while doing medical records retrieval and providing telemedicine services from home?
- A medical practice under financial stress because of the pandemic is offered financing based on future receipts. But obtaining the loan requires changing companies that process medical records or working with multiple companies engaged in medical records retrieval. What precautions are incumbent on the primary provider to protect PHI?
- Newly available technology, such as handheld ophthalmoscopes for detecting diabetic retinopathy symptoms without mydriasis, enables a primary care provider to save rural patients long drives for initial screening by a specialist. But what are the rules for the best healthcare information exchanges of detailed observations between primary care providers and specialists?
- The long-awaited coronavirus vaccine is finally available, and doctors, clinics, and pharmacies are encouraged to offer it on a drive-up basis. What are the HIPAA issues involved in medical records retrieval for providing vaccines to patients in their cars?
These are the kinds of patient privacy challenges facing healthcare providers since the beginning of the pandemic. Each of these scenarios illustrates a challenge for PHI protection that has become more acute since the start of 2020.
Many healthcare providers already have experience with telemedicine. A survey by Foley & Lardner found that 90 percent of primary care providers pursued telemedicine as long ago as 2014. The new issue is the security of PHI when the services are provided outside the PCP’s usual place of practice.
The Office of Civil Rights (OCR), the HIPAA enforcement arm of the U.S. Department of Health and Human Services (HHS), states an expectation that “health care providers will ordinarily conduct telehealth in private settings, such as a doctor in a clinic or office connecting to a patient who is at home or at another clinic.”
The rules allow telemedicine to be conducted when the provider is out of the office with reasonable precautions for the confidentiality of PHI. However, the OCR also states that healthcare providers must encourage their patients to participate in telemedicine with their own reasonable privacy precautions. Healthcare providers should encourage patients to speak in lowered tones and access telemedicine from private locations, such as not using a Wi-Fi hotspot at Starbucks or McDonalds.
Since the beginning of the pandemic, patients are waiting longer to see their healthcare providers. As a result, most practices have experienced significant negative financial impacts. The Medical Group Management Association reports that 97 percent of primary care practices have experienced reductions in revenues from COVID-19. Patient appointments are only 40 percent of previous levels, and revenues are only 45 percent of prior levels. Even by April of 2020, 22 percent of primary healthcare providers had laid off staff permanently.
Innovative financial solutions are available. One of these plays off the observation that early childhood vaccination rates have been falling all over the United States. Companies such as Vaxcare are offering to buy existing inventories of vaccines, fund new stockpiles of vaccines, and take over submissions to insurance companies. All the doctor has to do is to take a picture of the patient’s ID with an app, scan the vial from which the vaccination is drawn, and voilà, the patient’s EHR is updated, and the insurance claim is submitted.
Similar offerings are sure to arise.
The challenge of using third-party services to update EHRs and submit insurance claims is that the primary care practice remains liable for patient health information confidentiality. It is crucial for practices taking advantage of these financial arrangements to make sure that they are working with primary EHR providers that can add a layer of assurance that they are following best practices for medical record retrieval companies that maintain the standards of the best health information exchanges.
New technology expands the kinds of services that physicians can provide. In some instances, such as the case of the new ophthalmoscope that allows eye exams without having to dilate eyes and comes with artificial intelligence to recognize retinal abnormalities, technology gives primary care providers the ability to bill insurance for services for which patients would have to pay out of pocket at the specialist’s office. The primary care provider does not make the specialist’s diagnosis, but the visit level is elevated to enhance reimbursement.
In these situations, clinic staff must protect PHI as it travels from computer to computer in the PCP’s office and is then transmitted to the specialist. Most new devices are packaged with data transmission systems previously unavailable for complex observations, but the primary care provider must confirm that any patient images transmission is secure.
The COVID epidemic has resulted in a great deal of drive-through medicine. Patients are tested for the virus at drive-through clinics, and vaccination campaigns are expected to use a drive-through model.
The OCR has announced it is not enforcing some HIPAA rules at the drive-through testing sites, and it is a reasonable expectation that it will also be lenient in enforcing some guidelines for drive-through vaccination campaigns.
But this is not guaranteed. Primary care providers need to work with their companies that process medical records to make sure that PHI is protected, and also that their medical record retrieval companies are equipped to deal with the enormous load of claims against insurance and public programs that will make participating in vaccination programs profitable for primary care providers.
HIPAA is one more hurdle in the race to provide the best care for patients during the coronavirus pandemic. Partnerships with reliable medical records companies are essential to patients’ physical health and the financial health of primary care providers. Choosing the best vendors that provide the best health information exchanges is an integral part of good practice.
Sign up for a demo to learn more about ChartSwap today!
Learn How You Can Benefit From Using ChartSwap