HHS Announces HIPAA Regulatory Requirements Eased During COVID-19 Emergency

Bruce Armon
Saul Ewing LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Saul Ewing Arnstein & Lehr LLP

On March 17, 2020, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced it is temporarily easing enforcement of certain regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  During the novel coronavirus disease (COVID-19) national emergency, covered health care providers subject to the HIPAA Privacy, Security, and Breach Notification Rules (collectively, the “HIPAA Rules”) may communicate with patients, and provide telehealth services, through remote communication technologies that may not fully comply with the requirements of the HIPAA Rules.  

OCR’s announcement stated, “OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.”  This HIPAA decision follows the March 17, 2020 announcement from the Centers for Medicare and Medicaid Services expanding telehealth benefits for Medicare Beneficiaries.

The relaxation with respect to the HIPAA Rules for using telehealth is effective immediately and provides that a covered health care provider may use popular audio or video communication technology to provide telehealth services to patients, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19.  The technologies include Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype.

OCR’s announcement stated that health care providers who desire additional privacy protections for telehealth should provide those services through technology vendors that represent they provide HIPAA-compliant video communication products and who will enter into a HIPAA Business Associate Agreement.  OCR provided the following list of vendors that meet this criteria:

  • Skype for Business
  • Updox
  • VSee
  • Zoom for Healthcare
  • Doxy.me
  • Google G Suite Hangouts Meet

OCR cautioned however, that health care providers should not use Facebook Live, Twitch, TikTok or similar video communication applications that are public facing to provide telehealth services.

While the COVID-19 pandemic continues and social isolation measures are implemented, health care providers now have an expanded ability to use telehealth services in order to continue to provide medically necessary services to their patients.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Saul Ewing LLP | Attorney Advertising

Written by:

Saul Ewing LLP
Saul Ewing LLP
Contact
more
less

Saul Ewing LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide