The American Telemedicine Association releases a statement on consumer health data

The American Telemedicine Association (ATA) has released a statement on ensuring telehealth programs meet privacy and security standards. 

What happened

ATA, an organization devoted to advancing safe and affordable telehealth, has been meeting with national and state officials to discuss privacy in virtual care settings

According to a report, following state and national-level discussions, the ATA released its data privacy principles, a document outlining the principles ATA is prioritizing. 

The new principles will dictate how ATA will engage with other agencies, such as the Federal Trade Commission, on privacy issues. 

Going deeper

The ATA lists the following as primary principles for data privacy in telehealth:

1. Consistency: ATA suggests that a federal policy on telehealth data protection would create more uniformity and is preferable to a state-by-state approach. While privacy law should evolve with technological advances, ATA believes that federal policy would prevent consumer and organization confusion. 
2. Definition of consumer health data: ATA believes that state law should define consumer health data in the same way as HIPAA. 
3. HIPAA: ATA advises that state laws should be consistent with HIPAA standards but not exceed them. Furthermore, ATA believes that entities that are required to follow HIPAA guidelines should be exempt from state privacy laws. 
4. Consumer rights:. ATA states consumers should have “meaningful, accessible, and actionable rights.” These rights include the right to access and delete data, as well as written notice from organizations reminding consumers of these rights. 
5. Consumer consent, sale of data, and opt-out: ATA advises that consumers are made clearly aware of what data is collected, how it will be used, and how to opt out of data collection for targeted advertising, data sales, or profiling. ATA believes that sensitive data, which would require explicit disclosure to be shared, includes personal data like race, religion, health diagnoses, sexuality, and more.

Why it matters

Telehealth is a relatively new technology, but with the pandemic, it has skyrocketed in usage. As such, many believe current state and national policies are significantly lacking, especially when it comes to privacy. 

During the pandemic, many telehealth organizations were exempt from certain HIPAA measures. Still, when the exemption ended in April, many organizations were left uncertain of how best to protect private information. 

Related: Telehealth HIPAA compliance after the COVID-19 exemption ends

What was said

Kyle Zebley, ATA’s senior vice president of public policy, spoke to Healthcare IT News, saying, “What [these principles] signify is the consensus perspective on these issues from the perspective of the telehealth community.” 

Zebley also said that “Telehealth is healthcare.” He believes telehealth care should be treated similarly to other healthcare services. “Let’s apply tried-and-tested principles of the oversight and regulation of healthcare as we would for in-person care, as we think about how we get telehealth more integrated into that overall U.S. healthcare system,” Zebley advised. 

The big picture

ATA is a leading organization advocating for telehealth providers. ATA continues to lead the way on policy proposals and solutions to ensure that telehealth can thrive while protecting patient’s privacy. 

Related: HIPAA Compliant Email: The Definitive Guide