Translational Issues in Psychological Science, Vol 10(2), Jun 2024, 111-122; doi:10.1037/tps0000403
Despite the exponential increase in psychologists’ use of telehealth, literature has highlighted variable degrees of preparation to guide their digital practices. Due to the many unique aspects of the use of technology in clinical care, a lack of evidence-informed knowledge can negatively influence psychologists and their organizations, as well as affect patient outcomes. One of the more unique considerations of telehealth use is the data security of electronic protected health information. To ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), as well as updates presented through the Health Information Technology for Economic and Clinical Health (HITECH) Act, psychologists must be aware of specific methods to ensure data security in order to foster an ethical and legal practice, as well as mitigate issues. Due to the complex nature of data security, combined with limited graduate training or continuing education materials to guide psychologists in the use of telehealth, guides are needed to clarify recommendations for graduate-level trainees first becoming literate with telehealth, as well as for licensed psychologists, whether early career or seasoned. To address this gap, the current discussion provides a consolidated, psychologist-focused guide for data security recommendations that align with HIPAA and HITECH in efforts to support ethical and legal telehealth practices. Summarized topics include network controls, continuous data protection programs, data backup and recovery, passwords, encryption, business associate agreements, technological administrators, and data breach reporting methods. (PsycInfo Database Record (c) 2024 APA, all rights reserved)