COVID-19 / Coronavirus

Technical Planning and Response Resources

Telehealth Printable.jpg
Telehealth Printable NC.jpg

Download our Guides to Telehealth Reimbursements in your state

HIPAA Penalties Relaxed for COVID-19 Community Testing Centers

Monday, April 13, 2020

The Office of Civil Rights has announced that it will not enforce specific HIPAA penalties on covered entity healthcare providers who are performing community-based testing for COVID-19.  This is specifically designed to apply only to businesses offering mobile, drive through, or walk-up sites dedicated to providing only COVID-19 testing to their patients.

While penalties may be relaxes, the OCR gave the following guidance for maintaining secure workflows during testing:

  • Request only the minimum-necessary private information from patients

  • Setup canopies or other opaque barriers between testing areas to provide physical privacy

  • Maintain social distancing guidelines of at least 6 feet between testing areas

  • Establish an off-limits "buffer zone" between the public area and the testing areas to provide additional privacy

  • Secure any and all digital communications that transmit protected health information

  • Keep your Notice of Privacy Practices (NPP) available (whether physically or digitally) for all participants

Please keep in mind that the scope of this easement is limited specifically to sites solely performing COVID-19 specimen collection and testing.  For more information, click here to review the full press release.

Phishing Attacks Exploit COVID-19

Wednesday, April 8, 2020

Cyber criminals are just that - criminals.  As such, they've been working overtime to take advantage of businesses and individuals dealing with the daily effects of the coronavirus by sending out emails with malicious links or attachments.  These emails purport to be from trusted entities and to contain helpful or relevant information, but instead lead to a website that is designed to steal users' credentials or install ransomware.

These malicious messages are most commonly delivered via email but can also be sent via text message.  Below are our top tips for spotting a phishing message:

  • Authority - Is the sender claiming to be a figure of authority (e.g. a bank, doctor, lawyer, government agency, etc.)? Cyber criminals often pretend to be important people or organizations to trick you into doing what they want.
     

  • Urgency - Are you told you have a  limited time to respond (e.g. in 25 hours or immediately)?  Criminals often threaten you with fines or other negative consequences.
     

  • Emotion - Does the message make you panic, fearful, hopeful, or curious?  Criminals often use threatening language, make false claims of support, or attempt to tease you into wanting to find out more.
     

  • Scarcity - Is the message  offering something in short supply (e.g. masks, money, or a cure for medical conditions)?  Fear of missing out on a good deal or opportunity can make you respond quickly.

Stay vigilant when reading and receiving emails from unknown or unfamiliar senders.  Alert your IT team if you think you have received a suspicious or malicious email, especially if you have clicked a link or downloaded a file.

HIPAA Penalties Relaxed for Telehealth Services

Wednesday, March 18, 2020

While it is being reported that the Department of Health and Human Services has waived HIPAA penalties, fines, and sanctions, it is important to note that this waiver does not apply to all (or even most) covered entities.  It is in your best interest to continue to uphold all safeguards, controls, and security measures as required by HIPAA regulations.

In the HHS' bulletin (linked here), the secretary has waived HIPAA sanctions and penalties against a covered hospital for the following infractions:

  • failing to obtain a patient's agreement to speak with family members or friends

  • failing to honor a patient's request to opt out of the facility directory

  • failure to distribute a notice of privacy practices

  • failure to respect a patient's rights to privacy restrictions

  • failure to respect a patient's rights to request confidential communications

While the waiver went into effect on March 5, 2020, it only applies:

  • to hospitals in an area indicated in a public health emergency declaration

  • to hospitals that have instituted their disaster protocols

  • for up to 72 hours from the time the hospital implements its disaster protocol

 

It is important to note these restrictions to the waiver, as the majority of Covered Entities and Business Associates must continue to uphold all HIPAA regulations, even in an emergency situation. 

Tuesday, March 17, 2020

The Department of Health and Human Services' Office of Civil Rights (OCR) recently announced that it will waive penalties for good-faith uses of telehealth to treat patients during the COVID-19 state of emergency.

“A covered health care provider that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency can use any non-public facing remote communication product that is available to communicate with patients."

It is important to note that public facing methods of video conferencing (Facebook, TikTok, etc.) are still not permitted.  And while the penalties may not be enforced for use of an insecure telehealth platform, it is imperative for providers to continue to conform to all other HIPAA regulations to protect the privacy, security, and integrity of their patients' data.

8x8 Phones at Home: Reminders and Resources

Tuesday, March 17, 2020

We wanted to provide you some quick information that might help your staff be more ready to take and make calls from home using your 8x8 phone system. You may also want to direct them to a short video (https://youtu.be/6sSoUdJwZaI) that can quickly orient them on the options.

The 8x8 Mobile App:

The 8x8 Desktop App:

SSVA Suspending On-Site Response

Tuesday, March 17, 2020

I am sure that the current situation has all of you incredibly busy. Like many of you, we have been monitoring the situation closely and while we are aware that most infected by this virus will fully recover, we also know we need to be concerned about your team's health, our team's health, and our responsibility to avoid contributing to further spread.

Based on CDC recommendations (link below) our leadership team has decided to increase our response to this infectious outbreak and modify our standard practices for a temporary timeframe.

Starting tomorrow, we will be limiting our on-site visits to emergency needs. Our operations team will be working with you to evaluate the criticality of each service and project ticket. In-person meetings will be offered via video conference or phone conference. We foresee the possibility of a high volume of requests and resulting response delays. We have already moved a portion of our workforce to home isolation. In certain situations we may ask if you have team members willing to be remote hands for us to be guided through a physical task.

We are anxiously looking forward to the time when this disease will be under control and mitigated and business will return to normal. Until then, we want to do everything in our power to be there for your organization as you develop the best response possible.

 

Free Tools for Security and Remote Meetings

Wednesday, March 11, 2020

SSVA is partnering with our partners to provide free tools to companies that are supporting an increasing number of remote users.  Between now and July 1, 2020, work with SSVA to implement any of the following tools:

  • Cisco Webex for free remote meetings

  • Cisco Umbrella for free web content filtering

  • Duo Security for free dual-factor authentication

  • Cisco AnyConnect for free VPN licensing

  • 8x8 Video Meetings

Implementation of all products is limited based on client's existing infrastructure, but please reach out to us so that we can work with you to determine the most effective use of these tools to support your COVID-19 planning efforts.

Helpful Links for COVID-19 Preparation and Response

Tuesday, March 10, 2020

Use these links to access helpful information

COVID-19 Preparation and Response

Monday, March 9, 2020

Over the weekend the U.S. Surgeon General officially signaled the shift from containment to mitigation of COVID-19. This, coupled with financial market uncertainty, has the public facing a different reality this week. As if your job wasn’t complicated enough already, now we all need to prepare for life with COVID-19.

 

As your partner, we wanted to share some of the information that we are preparing for you. Through the years we have walked alongside many healthcare administrators and executives as they navigated business continuity planning and, at times, the disaster recovery process. With that experience we have compiled some practical, actionable thoughts. We will also be hosting a webinar later this week to dive deeper into the topic.

 

We need to prepare to operate in a clinical environment that includes significant “social distancing”. Are you able to function with providers and staff that choose to self-quarantine? Can those people still function in some capacity in your system? Working from home will become necessary for team members at some point.

  • Do all team members have the necessary remote system access?

  • Do they have workstations (personally owned or mobile devices) that would allow access?

  • Do you have all of the necessary licensing to allow for increased remote access?

 

In addition to the ability to access systems remotely, communications requirements will be different.

  • Do you have a legacy PBX or phone system that doesn’t allow for remote users?

  • Do you have the ability to send group SMS (text messages) to your full team and process the responses?

 

Your practice will need the ability to assess and reassure both symptomatic and asymptomatic patients while they are isolated at home.

  • Will you be able to support the increased calls from patients?

  • Do you have a strategy for triaging patients to determine the level of care they need?

  • Will you use telemedicine (video visit) technology to assess and treat patients?

 

The financial aspect of this will likely be high. (Increased PTO and sick time, decreased traffic in your offices, increased demands on staff time…)

  • Are you prepared to bill for video visits when used?

 

I am sure these are topics that you are already considering or may have well in hand. Our purpose in this message was to consolidate some of these thoughts and to let you know that we are here to help. Please contact us to discuss any of these point in more detail.

© 2020 by Strategic Solutions of Virginia, LLC