{"id":21461,"date":"2021-01-14T15:41:43","date_gmt":"2021-01-14T20:41:43","guid":{"rendered":"http:\/\/www.carecloud.com\/continuum\/?p=21461"},"modified":"2025-10-08T04:20:40","modified_gmt":"2025-10-08T04:20:40","slug":"exceeding-hipaa-compliance-technical-requirements-in-the-age-of-telehealth","status":"publish","type":"post","link":"https:\/\/carecloud.com\/continuum\/exceeding-hipaa-compliance-technical-requirements-in-the-age-of-telehealth\/","title":{"rendered":"Exceeding HIPAA Compliance & Technical Requirements in the Age of Telehealth"},"content":{"rendered":"

The Health Insurance Portability and Accountability Act (HIPAA) was designed to protect the privacy, security, and integrity of protected health information (PHI). This goal seems simple enough, but compliance has always been notoriously complex, especially since healthcare organizations entered the digital age and embraced innovations, such as cloud computing and mobility and telehealth solutions<\/a>.<\/span><\/p>\n

COVID-19 upended both the healthcare industry and HIPAA compliance. Virtually overnight, hospitals and other providers found themselves scrambling to implement telehealth options and, where possible, remote work. <\/span><\/p>\n

In an effort to ease the burden on providers as they strove to protect staff and patients, the <\/span>U.S. Department of Health and Human Services (HHS)<\/span><\/a> chose to exercise \u201cenforcement discretion\u201d and stated that it would not impose penalties \u201cin connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.\u201d<\/span><\/p>\n

Relaxed HHS Enforcement is a Temporary Measure<\/strong><\/h3>\n

However, this does not mean that healthcare providers can use COVID-19 as an excuse to let HIPAA compliance and data security fall by the wayside. The relaxed HHS enforcement is a temporary measure to give providers time and breathing room to review their security protections and update them accordingly.\u00a0<\/span><\/p>\n

The pandemic has spread healthcare facilities\u2019 financial and human resources thin, and cybercriminals are taking advantage of tighter budgets and overworked IT staff. On average, it takes <\/span>nearly a year (329 days)<\/span><\/a> for a healthcare organization to discover and contain a breach, so organizations may already be compromised without even knowing it, leaving them wide open to data breaches and malware infections, particularly ransomware. <\/span><\/p>\n

In Q4 2019, ransomware attacks on healthcare providers rose by 350%, and <\/span>one in every 10 ransomware attacks<\/span><\/a> includes data theft.<\/span><\/p>\n

Complying with HIPAA in a telehealth-focused, digitized world<\/strong><\/h3>\n

The HIPAA Security Rule includes a number of technical specifications to protect PHI, which includes:<\/span><\/p>\n