What do you need to know about telehealth and HIPAA, and what has changed to address COVID-19
With COVID-19 dictating most of our actions currently, many offices are switching to seeing patients via telehealth appointments. Under HIPAA, healthcare providers may communicate with patients and provide telehealth services through remote communications technologies. However, some technologies and how they are being used, may not fully comply with HIPAA requirements. So what do you need to know about telehealth and HIPAA, and what has changed to address COVID-19? Below are three points to help you navigate telehealth and understand the changes regarding HIPAA during this nationwide public health emergency.
The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) recognizes COVID-19 as a national emergency which constitutes a nationwide public health emergency. OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency. This notification is effective immediately.
- Guidelines for use of audio or video communication technology to provide telehealth during the COVID-19 nationwide public health emergency:
- Use non-public facing remote communication product
- Applies to telehealth provided for any reason, regardless of whether the telehealth service is for COVID-19 treatment
- May use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype
- Providers are encouraged to notify patients that third-party applications potentially introduce privacy risks
- Enable all available encryption and privacy modes
- Certain audio or video communication technology that should not be used:
- Facebook Live
- Similar video communication applications that are public facing
- For additional privacy protection, use vendors that are HIPAA compliant and will enter into HIPAA business associate agreements (BAAs) for video communication products. Some of these vendors include:
It's important to understand that the only changes to HIPAA enforcement affects telehealth communications. HIPAA is still enforced during this time and any breaches will not be overlooked due to COVID-19.
We know this is a scary time for everyone. It is for us as well. We are working to release timely information and resources to help you better understand HIPAA and CDC infection control policies and changes during this time. To access our free resources, visit our new COVID-19 Resource page.
Should you have any questions or need assistance with HIPAA or OSHA/Infection Control, please call us at 800.334.6071 or email email@example.com.