NSA Telework Security Guidelines and Video Conferencing
The COVID-19 pandemic and CARES Act have more and more providers examining telehealth as a method of delivering care during this period of reduced patient access and beyond. To facilitate the transition of certain services to telehealth, the Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) has announced that it will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-emergency. Still, many providers are questioning which of the commonly available applications offer the most complete protection for provider and patient data.
The National Security Agency (“NSA”) has released an analysis of the security features available for the most common video conferencing applications. The NSA has updated this list from its April 24th version. The new list adds an analysis of additional providers and reflects the changes made by one of the most popular programs, Zoom, to rectify the security deficiencies which had caused the State of New York to suspend the use of Zoom in sensitive environments such as classrooms. The NSA’s full analysis is available here; a condensed version is available here. The Department of Homeland Security is also expected to release guidelines on telework applications; we will update this page when they become available.
For more information or assistance with matters related to the use of videoconferencing software in patient care, please feel free to reach out us.