Telehealth and Maintaining HIPAA in a Virtual Office


2020 has provided many challenges to businesses, especially those that normally serve their customers face to face. For medical and dental offices, the challenges the pandemic has meted out are even more severe. With PPE dwindling, offices still have to provide health services both to those who are sick AND to those who are well but still require checkups and regular care, which has been a tricky thing to navigate, to say the least.

Telehealth options have been an invaluable resource in helping to meet the demand for appointments from people who aren’t comfortable having an in-office visit, while reducing the number of people sitting in waiting rooms at a time when congregating in groups is a bad idea.

However, HIPAA guidelines still need to be maintained even in a virtual space, so how are providers conducting these appointments in a way that’s safe for clients’ data and personal health details?

Protected Health Information (PHI) is a hot commodity on the Dark Web, often going for up to $1000, whereas the next highest-cost records, credit card details and social security numbers, can be had for $1 or less.

HIPAA and Cybersecurity Training

That makes protecting these records and the privacy of patients extremely important. Here are 6 rules to follow to make sure you’re HIPAA compliant in your virtual office:

  1. Keep conversations with patients private. Avoid conducting these appointments in public spaces and instead opt to have them in your office, just like an in-person visit.
  2. Do not use public-facing chat options such as Facebook Live, Twitch or TikTok to conduct appointments. Using private chat options such as Facebook Messenger or Google Meet may be okay, but notify patients that these are third-party services and may introduce privacy risks.
  3. Enable encryption and/or privacy mode if it’s available.
  4. Before video chatting with a patient, get verbal consent to the video chat and note that in the EMR/patient's chart.
  5. Don’t store PHI on any personal unsecured devices.
  6. Don’t message patients about their medical records outside of a secure patient portal. Sending them a follow-up via email may be a violation of HIPAA.

There is more to it than this, but it’s a good place to start. In general, HIPAA-focused training is more important now than ever.

Currently the Office for Civil Rights (OCR) has made it easier for all covered healthcare providers to participate in telehealth during the COVID-19 nationwide public health emergency. Their notification states:

"The Office for Civil Rights will not impose penalties for noncompliance with HIPAA Rules in connection with the good faith provision of telehealth using such non-public facing audio or video communication products."

This provision may change in the future, so staying abreast of current HIPAA-related rules is extremely important to make sure you’re maintaining your HIPAA compliance.

At Valley Techlogic we appreciate the work and risk taken on by all frontline workers during this crisis. If there are any technical or HIPAA-related questions we can help with, please feel free to reach out. We’re here to help.


This article was powered by Valley TechLogic, an IT provider in Atwater, CA.
