Objective: All staff and providers must use secure, HIPAA-compliant communication methods and be adequately trained to protect patient information in both in-person and remote care settings.
Guidelines
Secure Communication Channels
Telehealth and virtual consultations must be conducted through secure, HIPAA-compliant platforms authorized by the clinical practice.
Emails, messages, and file sharing involving ePHI must be encrypted and transmitted only through approved communication channels.
Use of personal devices or unsecured applications (e.g., standard SMS, personal email) for patient communications is prohibited unless specifically secured and authorized.
Providers offering telehealth services must ensure that they work from secure environments with private internet connections and encrypted systems.
Security Awareness & Training
All workforce members—including providers, administrative staff, and contractors—must complete security and HIPAA compliance training upon hire and at least annually.
Training must include remote work protocols, phishing prevention, secure password practices, secure handling of ePHI, and incident reporting procedures.
Clinical practices must retain documentation of completed training and update training content regularly to reflect evolving threats and regulations.