Medical Spa MD is a community of 28,000+ plastic surgeons, dermatologists, & aesthetic physicians practicing cosmetic medicine worldwide. FREE Medical Spa Deals for Clinicians

About   |   Advertise   |   Press   |   Contact

Sponsors & Friends

cosmetic fillers ad

Medical Spa RX Group Buy Program.

medical spa design and advertising

Graphic Design for Medical Spas

Waiting Room Video DVD Marketing

The very best bang for your buck cosmetic marketing!
Watch demo Frontdesk waiting room videos and DVDs.

Medical Spa Training Manuals

Medical spa & laser clinic staff training manuals.

2nd MD
2nd MD - Boarded US physicians work from anywhere.
Medical Justice
Relentlessly protecting physicians from frivolous lawsuits.

More control of your income, career, and lifestyle as a physician.
Read our terms
Newest Comments

Medical Spa MD is a world-wide physician community for clinicians in skin clinics, laser centers and medspas with thousands of physician members around the world. By using this site you agree to our terms of service and fine print.

« Lifestyle Lift Abruptly Shuts Down | Main | Mommy Makeovers for Mom's Day »
Monday
Mar092015

Getting Naked on the Internet: What does the law say?

Telemedicine and Cyber Security

The Health Information Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of your personal health information (PHI). HIPAA includes several rules and provisions that set guidelines and requirements for the administration and enforcement of HIPAA. The relevant ones for the exchange of PHI in the digital cyberspace are the Privacy Rule1, the Security Rule2, and the aptly named Health Information Technology for Economic and Clinical Health (HITECH) Act3.

Telemedicine is a burgeoning field of medicine that incorporates digital technology such as electronic health records (EHR), information sharing, and videoconferencing to enhance the interaction between physicians and their patients, and ultimately, improve the delivery of healthcare. Having been a plastic surgeon for several years now, I’m all too familiar with meeting people at social events, and immediately getting bombarded with intrusive and unusual questions and requests as soon as my chosen profession is ousted. Sure, it’s unlikely that a woman will disrobe and expose herself in front of me and my wife at a friend’s dinner party, but get us into an online “private” videoconference call, and who knows what body parts will make an abrupt entrance into the conversation. Physicians must approach with caution, says American Academy of Facial Plastic and Reconstructive Surgery (AAFPRS) President Stephen S. Park, M.D. in a recent article4. But, for me and most physicians I know, I feel like the cat is already out of the bag. Considering the amount of texts, emails, online chats, phone conversations over internet and satellite lines, and selfies of both pre- and post-op patients I’ve been privy to, I’m sure I’ve already broken too many laws, and completely disregarded the good doctor’s advice. The truth is, though, that we’ve only begun to scratch the surface.

Telemedicine may involve the electronic exchange of PHI which is protected under HIPAA law. Security considerations with telemedicine involve making sure unauthorized third parties cannot eavesdrop on or record a videoconferencing session where sensitive PHI is transmitted seamlessly, and unfortunately, innocently. Recently, a monumental data breach at one of the nation’s largest insurance providers has spurred a bipartisan political effort to reexamine HIPAA as it relates to telemedicine, possibly adding costly and cumbersome requirements to encrypt EHR data5. Additionally, a recent report done by BitSight Technologies, a cyber security risk analysis and management firm, found that healthcare and pharmaceutical companies ranked the lowest among the four industry categories studied6. Suffice it to say, people are taking heed of this emerging new threat.

The aforementioned laws, rules, and regulations guide the generation, maintenance, and implementation of telemedicine HIPAA compliance. We must be cautioned, though, that HIPAA compliance does not necessarily equate to actual cyber security, and that simply meeting standards set forth in these regulations may not be enough. As more public attention and scrutiny rise to the forefront of media exposure, look for the healthcare industry to take the cyber security threat much more seriously.

Daniel Kaufman, MD
Discreet Plastic Surgery

Bibliography
1. http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/
2. http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/
3. http://www.healthit.gov/policy-researchers-implementers/health-it-legislation-and-regulations
4. http://cosmeticsurgerytimes.modernmedicine.com/cosmetic-surgery-times/news/cosmetic-virtual-consult
5. http://medicaleconomics.modernmedicine.com/medical-economics/news/senate-review-hipaa-security-medical-records-light-anthem-breach
6. http://info.bitsighttech.com/bitsight-insights-industry-security-ratings-vol-4-rc

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Join Medical Spa MD

captcha
MEDICAL SPA MD
Medical Spa MD

A community of dermatologists, plastic surgeons, laser clinics, & skin clinics world wide.

Medical Spa MD is a world-wide community of physicians and clinicians practicing cosmetic medicine. Please read our Terms of Service, Advertising Terms and Privacy Policy.

Copyright © 2011. All rights reserved.

LEGAL NOTICE & TERMS OF SERVICE