Recognizing the need to empower healthcare providers to reach those most at risk during the COVID-19 pandemic, the Department of Health and Human Services’ Office for Civil Rights recently issued a notification announcing that it will not impose penalties for noncompliance with HIPAA Rules against those healthcare entities who utilize video and voice applications to provide telehealth services.
During this national emergency, covered healthcare providers can use any non-public facing application to communicate with patients, such as Apple FaceTime, Facebook Messenger video chat, or Skype. These applications may be used regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19.
Providers are encouraged to notify patients that the use of these applications introduce potential privacy risks. They should also enable all available encryption and privacy modes. Public-facing applications, such as Facebook Live, Twitch, and TikTok, should not be used for this telehealth purpose.
Despite the assurance from the Office for Civil Rights with respect to the HIPAA Rules, healthcare entities should continue to take precautions to ensure continued compliance with state privacy laws.