Why psychiatrists should care about backgrounds in virtual sessions

When psychiatrists conduct virtual sessions, the potential risk posed by the background setting is often overlooked. Small things like an Alexa accidentally announcing the next patient's appointment or a prescription bottle can leave the organization open to accidentally exposing data. 

Privacy and security in telemedicine

The intimate nature of mental health discussions demands encrypted communication and additional measures to ensure that these conversations remain private. For instance, psychiatrists must obtain explicit consent from patients before using telemedicine platforms and may need to provide additional information about current security measures. 

Regarding the physical environment in which telemedicine is conducted, the provider and patient must consider what appears in the background of video calls. One of the central pieces of advice from the HHS guidance section states, “Find a place away from others (like a private room with a door or your parked car) where you can control who hears or sees your conversation.” For psychiatrists and other providers, this might mean choosing a neutral backdrop, using a professional office setting free of personal items, or employing digital tools that blur or obscure the background. Patients are similarly advised to find a private space for their sessions where they won’t be overheard or interrupted.

What makes a session background a breach risk

Instances of protected health information (PHI) that might accidentally appear in the background could include visible medical bills or insurance documents, prescription bottles with patient names and medication details, or personal journals that may contain sensitive information. Family photographs or other identifiers like mail with addresses can also constitute PHI if they are captured on camera during a session.

Beyond physical items, verbal information is another potential risk. Conversations involving or overheard from family members, roommates, or even smart devices that pick up speech can inadvertently disclose personal details about the patient's health or personal life. These slips can result in breaches of confidentiality that violate HIPAA regulations and lead to serious legal implications for healthcare providers, including fines and loss of credibility.

How to secure telemedicine backgrounds

Prepare your environment:

• Choose a quiet, private office space with a neutral background free of personal items or sensitive documents.
• Consider using a backdrop or a professional screen to block any potentially revealing surroundings.

Check your equipment:

• Test your camera before the session to see what is visible in the background and adjust the framing or background accordingly.
• Use a dedicated computer or device for sessions to avoid personal notifications popping up during a call.

Use professional software:

• Select telehealth platforms that offer features like background blur or virtual backgrounds that can mask your real environment. Use communication software like HIPAA compliant email platforms to communicate outside sessions.
• Ensure the software is up-to-date and has the latest security patches installed.

Communicate best practices:

• Before starting any session, remind patients about the need to secure their own environment.
• Provide guidelines on setting up a private space and minimizing background disturbances.

FAQs

What is telehealth?

Telehealth is the use of digital information and communication technologies, like computers and mobile devices, to access healthcare services remotely and manage healthcare.

Is Zoom HIPAA compliant?

Yes, Zoom offers a HIPAA compliant version of its service for healthcare providers that sign a business associate agreement (BAA) with them, ensuring necessary safeguards to protect sensitive health information.

What is PHI?

Protected health information includes any information in a medical record that can be used to identify an individual and that was created, used, or disclosed in the course of providing a healthcare service, such as diagnosis or treatment.