Listen to this post

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently released two resource documents to help healthcare providers explain the privacy and security risks of telehealth to their patients.

The first document, entitled “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth,” includes suggestions for discussing:

  • Types of telehealth options offered
  • Risks to protected health information and ways to mitigate them
  • Privacy and security practices of telehealth vendors
  • How to file a privacy complaint with OCR

The second document, “Telehealth Privacy and Security Tips for Patients,” includes about a dozen hints, such as:

  • Conduct telehealth appointment in a private location
  • Use multi-factor authentication if available
  • Use encryption when available
  • Avoid public Wi-Fi networks

OCR points out that the HIPAA Privacy, Security, and Breach Notification Rules do not require covered healthcare providers to educate patients about these risks, but the documents provide a good start for those who wish to do so.

Sign up to receive Rivkin Rounds at