Is telemedicine compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA)? It can be if reasonable precautions are taken. The US Department of Health and Human Services (HHS) delineates what must be done to assure proper compliance with HIPAA rules and regulations:

  • The Security Rule in general requires entities to ensure confidentiality, integrity, and availability of health information they create, receive, maintain, or transmit, identify and protect against threats to security or integrity of information, protect against inappropriate uses or disclosures, and ensure compliance by their workforce.
  • Entities are required to perform risk analysis. This should be an ongoing process, entailing four basic parts:
    • Evaluating probability and impact of potential risks to confidential information
    • Implementing security measures to address the above risks
    • Documenting security measures and their rationale
    • Maintaining continuous protection
  • Safeguards must be in place.
    • Designated security official must be in charge
    • Access to information must be authorized to appropriate personnel only
    • Workstations and facility in general must have limited access
    • Personnel must be trained in safeguard management
    • Periodic assessment required
    • Electronic techniques must be used to prevent unauthorized access or changes to records
  • Violations must be corrected
  • HIPAA supersedes all state laws

Most large telemedicine services, like QuickMD, Teladoc, Doctor-On-Demand, all follow HIPAA and are therefore considered HIPAA-compliant. This means your personal health data will remain private and will only be shared with people and entities who are involved in your care, like doctors, nurses, billing departments, etc.

Certain aspects of HIPAA can be waived by the patient. For example: if a patient prefers to communicate with their doctor or care team by email and agrees to receiving protected health information by email, this does not constitute a HIPAA violation.

For more information, check the website of the Department of Human Health & Services.