Question: One of our practice’s nurse practitioners provides occasional telemedicine services via videoconferencing. Does the Security Rule apply to these sessions?
Answer: The HIPAA Security Rule does not cover telemedicine treatment sessions provided by videoconferencing, according to the American Speech-Language-Hearing Association (ASHA).
The Security Rule states that “because ‘paper-to-paper’ faxes, person-to-person telephone calls, video teleconferencing, or messages left on voice-mail were not in electronic form before the transmission, those activities are not covered by this rule.”
Caveat: But if you record the session and save a copy, the saved version would be subject to Security Rule provisions, ASHA says.
“Regardless, the treatment session and all related information and documentation are subject to the Privacy Rule provisions,” ASHA notes. “To ensure the patient’s privacy during treatment sessions, clinicians should consider the use of private networks or encrypted videoconferencing software.”