HIPAA Series Part III: Which “Off-Site Offices” are HIPAA-Compliant?

An important feature of modern private practice is mobility. Technological developments have changed the dynamic between providers and patients, allowing for increased contact via social media and telehealth appointments in addition to traditional office visits. These innovations have really changed the game, allowing RDNs to practice across state lines and in less traditional settings. However, along with these new opportunities have come new challenges when it comes to protecting PHI and remaining HIPAA compliant.

The most important facet of the relationship between RDN and patient is trust. Your patients trust you to maintain their confidentiality, and by extension, trust your office to be secure. Last week, we discussed how to protect your office, but with the rise of telehealth and alternative workspaces, many RDNs are wondering what settings are appropriate for having an appointment.

As a provider, your physical location during a telehealth appointment (known as the “originating location”) is very important, and can play a role in whether or not your claim is approved! Insurance companies want to see that your originating location is an appropriate setting for a medical appointment. In order to maintain the integrity of PHI, we recommend just using your office, as it is a secure location and will already be outfitted with the proper amenities.

HIPAA applies to telehealth just like any other provider-patient interaction, so privacy is key. If someone could unwittingly see your computer screen or hear your conversation, that’s a potential breach of PHI. It’s best to treat your telehealth appointments the same as in-person appointments, and approach them with the same level of caution. As a reminder, the telehealth platform that you use must be properly encrypted to ensure patient privacy.

When selecting your office for face-to-face or telehealth appointments, there are still a number of considerations you must pay attention to. While there are plenty of innovative options (renting space in a physician’s practice, working from home, or exploring co-working spaces with private offices), the most important thing is to make sure that your workspace can be secured. You won’t be able to meet with patients in a public space, such as a coffee shop, to discuss PHI and treatment strategies.

Similarly, if you’re using a co-working space, you’ll have to ensure that you have a private office that’s soundproof and able to be locked. You’ll also need to make sure that you’re able to print privately, so that people outside of your practice can’t inadvertently access PHI. If you decide to enter a partnership with a practicing physician, check out these resources from the Academy. Also, check out our post on alternative office spaces for more! And remember: any entity that you enter into a business partnership with will have to sign a Business Associate Agreement (BAA).

What are some of your best practices for telehealth and maintaining patient data security? Comment below!