How Hospices Are Complying with Telehealth, Data Privacy Rules Post-PHE

Healthcare attorney Jennifer Rangel spoke with Hospice News addressing data security in contract negotiations between tech companies and hospices amid fluctuating telehealth rules. A business associate agreement establishes a legally binding relationship between HIPAA-covered entities and vendors like technology companies.

"It is also key to think through who your business associates are and be sure that business associate agreements are in place," Ms. Rangel said. "Confirm that any telehealth software or platforms are secure and meet state and federal requirements. If any visits were being conducted on an audio only platform, be aware of current limitations on audio-only calls."

Ms. Rangel explained that a viable technology partner should be transparent and detailed about their security measures and compliance policies. Those that are less than forthcoming about these policies might carry regulatory risks for hospices.

“Red flags include refusal to enter into a business associate agreement or providing a very cursory agreement and a refusal to negotiate and agree to standard, protective clauses,” she said. “In addition, a technology partner should be willing to share their security certifications, explain their security processes in depth and provide information on their risk assessments and any risks that have been identified. A strong technology partner should be willing to provide indemnification for their errors and errors in their technology not due to the user.”

READ: How Hospices Are Complying with Telehealth, Data Privacy Rules Post-PHE