Prior to the COVID-19 pandemic, telehealth was underused and understudied. But as regulations changed and telehealth parity went into effect, more people started taking advantage of telehealth services, and many healthcare practices started offering them. Today, more than half of mental health appointments (55%) are conducted remotely rather than in person, mostly through videoconferencing.
If you’re a provider offering telehealth for behavioral health and substance use treatment, it’s important to know how to navigate regulatory compliance. One of the most critical areas to get right is compliance with HIPAA, whose regulations are specifically designed to protect the privacy and security of patient health information.
At Integrity Billing, we help behavioral health organizations protect patient privacy while optimizing revenue cycle management. Whether you’re new to telehealth or scaling up your virtual services, here’s what you need to know about HIPAA and telehealth in today’s healthcare environment.
Telehealth and HIPAA: An Evolving Landscape
Telehealth has become a lifeline for individuals seeking behavioral health and substance use treatment, especially in underserved or rural areas. But providing care virtually doesn’t change the need to follow federal privacy regulations.
HIPAA compliance still applies to telehealth sessions, just as it would during in-person visits. This includes protecting patient health information (PHI), using secure technology platforms, and following documentation and consent protocols.
There are unique factors that can make telehealth services less private and secure than in-person appointments. The main risk factors include a lack of private space for vulnerable individuals, difficulty sharing sensitive health information remotely, technology factors, and operational factors like reimbursement and payer denials.
What Makes Telehealth HIPAA-Compliant?
To meet HIPAA standards, telehealth platforms and practices must ensure confidentiality, integrity, and security of electronic protected health information (ePHI). Here are the key elements:
Secure Communication Platforms
Your organization should only use telehealth platforms that are HIPAA-compliant, meaning they encrypt data and offer a Business Associate Agreement (BAA). Avoid public-facing tools like FaceTime, Skype, or Zoom.
Business Associate Agreements (BAAs)
You must have a BAA with any third-party service that handles PHI on your behalf, such as your telehealth platform, billing software, or cloud storage provider.
Patient Consent
Always obtain and document informed consent for telehealth services. While some states have specific consent requirements, HIPAA mandates that patients understand how their information may be used or shared.
Secure Storage of Records
Maintain telehealth records in a secure electronic health record (EHR) system that complies with HIPAA data storage and access control rules.
The Role of Revenue Cycle Management (RCM)
At Integrity Billing, we know that billing, coding, and reimbursement for telehealth services bring their own compliance concerns. Fortunately, we help providers stay protected so that they can focus on delivering excellent care.
One of the ways we protect our clients is by ensuring accurate coding for telehealth services. This way, payers know exactly how the time was used and what treatment modality was provided. For example, a 30-minute psychotherapy session is different from one that lasts 90 minutes and should therefore be coded differently.
The team at Integrity Billing also verifies payer policies, as some insurers have different requirements for telehealth billing. What this means is that Medicare, Medicaid, and private insurers vary in the services they cover, the codes they use, and the billing methods they prefer. We also safeguard patient data through secure billing workflows and HIPAA-compliant platforms.
Additionally, our team supports audits and documentation to demonstrate compliance with federal and state rules. By integrating HIPAA safeguards into your revenue cycle, you reduce risk and streamline reimbursement at the same time.
Recent Changes to Be Aware Of
During the COVID-19 public health emergency, some HIPAA enforcement was relaxed under the Notification of Enforcement Discretion. However, those flexibilities have expired or are expiring, meaning stricter compliance is back in place. Don’t be caught off guard!
Behavioral health providers must now transition away from non-compliant platforms used during the pandemic and update privacy policies and consent forms. They are also expected to reassess cybersecurity protections for all virtual services. You can learn more about the latest updates to HIPAA-compliant telehealth in the HIPAA Journal.
Streamline Revenue with Secure, HIPAA-Compliant Billing Processes
HIPAA compliance in telehealth isn’t optional; it’s essential for protecting your clients and your practice. As a behavioral health or substance use provider, you face unique challenges, but with the right systems and support, telehealth can be a safe and sustainable part of your care model.
Integrity Billing can help you build HIPAA-compliant billing processes that support both ethical care and financial strength. If you need help navigating HIPAA and telehealth billing, contact us today for expert support in behavioral health RCM and compliance.