Thoughts on Telehealth, PIPEDA, PHIPA, HIPAA and the GDPR

Worldwide, we are all striving to provide secure patient consultations and facing the same challenges

The worldwide impact of COVID-19 has yet to fully play out, and healthcare practitioners face a vast array of questions about how to conduct business and provide service to patients while minimizing physical interaction. COVID-19 was a turning point for the medical profession. Previously, practitioners had the option to adopt technology as part of their practice, with little mandate coming from Colleges or Federally. Early adopters are familiar with digital consults, using technology as part of their daily workflow and capturing data from smart devices directly into the patient chart.

The world changed with the onset of the COVID-19 pandemic: businesses were forced to close, social distancing became the norm and healthcare practitioners were forced to look at alternatives to the traditional consultation. Many software companies jumped on the task of building out existing offerings for video telecommunications, and EMRs leapt into marketing at full strength, pushing to be first to market with their mobile-ready EMR platforms. It also gave an opportunity to other companies such as Verified Medical, whose digital capture and collaboration platform has been in circulation since 2013. The ability of digital providers to serve the healthcare community was obvious - technologists realized the power of their platforms and the niche in which they could be offered. Some platforms (popular ones at that) fell foul of data protection and privacy regulation, creating an element of distrust in the marketplace and potentially hurting their ability to grow.

PHIPA, PIPEDA, HIPAA and the GDPR

When it comes to data protection and privacy, acronyms rule. Here are some of the ones you need to know, and which you should ensure your telehealth platform adheres to:

Personal Health Information Protection Act (PHIPA)
PHIPA has been around since 2004 and is a Federal Act that governs rules for the collection, use and disclosure of personal health information. Any organization or individual that collects personal health information has an obligation to abide by PHIPA, including the ability to have patients consent to the collection of their personal health information before collection occurs, or before patient information is disclosed to or used with any other parties. Individuals have the right under PHIPA to request changes and to access any personal information held about them.

Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA is very similar in nature to PHIPA, with the addition that it applies to private companies that collect, use and distribute personal information. As with PHIPA, rules exist for explicit consent to collect personal information, requiring organizations to apply for consent from the individual each time their use of the personal information changes. Organizations have an obligation under the Act to limit the use of personal information to the purpose for which it was collected. PIPEDA has many exceptions, including information handled by the Federal Government, Provincial and Territorial Governments and their agents; business contact information; information gathered for personal use, such as an individual's Christmas card list; and information collected for journalistic, artistic or literary use. Not-for-profits, charity groups, political parties and associations are usually exempt.

Health Insurance Portability and Accountability Act 1996 (HIPAA)
One of the more stringent health information protection Acts, HIPAA covers the use of personal and private information within health care in the United States. HIPAA is a national standard for electronic health transactions and security. There are several rules that apply to telehealth vendors, including stringent standards for medical record collection and usage, and the use of health information within electronic data transactions. Similar to PIPEDA in Canada, it gives the patient increased rights over their health information, including the ability to request copies and corrections. HIPAA also has standards intended to protect individuals' electronic health information, requiring an appropriate level of administrative, physical and technical safeguards to protect patient health information.

EU General Data Protection Regulation (GDPR)
The GDPR is very much like its counterparts here in North America. Governing EU member states, the GDPR has many similarities to PIPEDA and HIPAA and has far-reaching implications for North American vendors who process and use data of EU citizens. The GDPR goes further than PIPEDA in some respects, in that an individual has the right not only to receive personal information held about them, but to receive it in a structured machine-readable format. In addition, rather than having just the ability to make changes to personal information held and to consent, the GDPR also allows an individual to deny access to and to erase data held on them. North American software providers need to have policies in place to handle such requests to ensure compliance.

Where do we fit?

Telehealth software vendors have an obligation to protect the information that flows in and through electronic data systems they manage. Adherence to the rules in each jurisdiction is important from a vendor perspective and also for their clients, who use telehealth platforms with a degree of understanding that the vendor is working to protect the information they input and use.

Verified Medical holds data security and privacy at the very forefront of what they do. End-to-end encryption, encrypted servers, and PIPEDA and HIPAA compliance are daily language for company and customers. COVID-19 presented an opportunity for Verified Medical to adapt a module developed for internal use to health care customers, adapting their video conferencing and chat platform to provide a telehealth module that would easily integrate into the Verified Medical platform.

Taking our existing technology and making it customer-facing seemed an obvious next step for us. We have always been at the forefront of security and privacy with the Verified Medical platform and it made sense to make this technology available to our healthcare clients.

Andy Chapman, CEO, Verified Medical

drCalls.me is the telehealth video conferencing module for Verified Medical. It is available free of charge to healthcare practitioners, colleges and associations, whether they are Verified Medical customers or not.

Interesting Articles

British Medical Journal
I don't feel confident providing remote consultations. What do I need to know?

Information and Privacy Commissioner, Ontario
A Guide to the Personal Health Information Protection Act, Dec 2004

Office of the Privacy Commissioner of Canada
PIPEDA in Brief

Health Information Privacy, US Dept. of Health and Human Services
HIPAA for Professionals

Horizon 2020 Framework Programme of the European Union
Complete Guide to GDPR Compliance

For more information, please visit the website drCalls.me
