OCR Announces It Will Not Impose Penalties for HIPAA Non-Compliance for Use of Telehealth During COVID-19 Outbreak

3.18.2020

Wilentz Health Law Check Up

The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced on March 17, 2020 that OCR will exercise its enforcement discretion and will not impose penalties for non-compliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency. 

In its announcement, OCR acknowledges that during the COVID-19 national emergency, covered health care providers subject to the HIPAA Rules may seek to communicate with patients, and provide telehealth services, through remote communications technologies.  Some of these technologies, and the manner in which they are used by HIPAA covered health care providers, may not fully comply with the requirements of the HIPAA Rules.

A provider that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 health emergency can use any non-public facing remote communication product that is available to communicate with patients  This exercise of discretion applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19.

For example, a covered health care provider in the exercise of their professional judgement may request to examine a patient exhibiting COVID-19 symptoms, using a video chat application connecting the provider’s or patient’s phone or desktop computer in order to assess a greater number of patients while limiting the risk of infection of other persons who would be exposed from an in-person consultation.  Likewise, a covered health care provider may provide similar telehealth services in the exercise of their professional judgment to assess or treat any other medical condition, even if not related to COVID-19, such as a sprained ankle, dental consultation or psychological evaluation, or other conditions.

Under this Notice, covered health care providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for non-compliance with the HIPAA Rules related to the good faith provision of telehealth during the COVID-19 nationwide public health emergency. 

Providers are to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications.

Facebook Live, Twitch, and TikTok should not be used. Facebook Live, Twitch, TikTok, and similar video communication applications are public facing, and should not be used in the provision of telehealth by covered health care providers.

Covered health care providers that seek additional privacy protections for telehealth while using video communication products should provide such services through technology vendors that are HIPAA compliant and will enter into HIPAA business associate agreements (BAAs) in connection with the provision of their video communication products. Skype for Business, Updox, VSee, Zoom for Healthcare, Doxy.me, Google G Suite and Hangouts Meet are some vendors that represent that they provide HIPAA-compliant video communication products and that they will enter into a HIPAA BAA.

Note that OCR will not impose penalties against covered health care providers for the lack of a BAA with video communication vendors or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency.

The announcement is effective immediately.

Please keep in mind that this does not address state laws on patient privacy.

If you have any questions regarding telehealth during this COVID-19 outbreak, please contact Grace Mack or any member of the Health Law Team.

Tags: Coronavirus (COVID-19)HIPAATelehealth

BLOG DISCLAIMER

The postings on this blog were created for general informational purposes only and do not constitute legal advice or a solicitation to provide legal services.  Although we attempt to ensure that the postings are complete, accurate, and current as of the time of publication, we assume no responsibility for their completeness, accuracy, or timeliness.  The information in this blog is not intended to create, and receipt of it does not constitute, a lawyer-client relationship.  Readers should not act upon this information without seeking professional legal counsel.

This blog may contain links to independent third party websites and services, including social media. We provide these links for your convenience, and you access them at your own risk.  We have no control over and do not monitor the content or policies (including privacy policies) of these third-party websites and have no responsibility for, and no liability with respect to, their content, accuracy, or reliability.  Unless expressly stated, we do not endorse any of the linked websites or any product, service, or publication referenced herein or therein.  We will remove a link to any site from this blog upon request of the linked entity.

We grant permission to readers to link to this blog so long as this blog is not misrepresented. This site is not sponsored or associated with any other site unless so identified.

If you wish for Wilentz, Goldman & Spitzer, P.A., to consider representing you, please obtain contact information from the Contact Us area of this blog or go to the firm’s website at www.wilentz.com.  One of our lawyers will be happy to discuss the possibility of representation with you. However, the authors of Wilentz blogs are licensed only in New Jersey and/or New York and do not wish to represent anyone who viewed this site in a state where the site fails to comply with all laws and ethical rules of that state.

Sign Up

Grace D. Mack Photo

Grace D. Mack
Co-Chair, Health Law Team
Shareholder
732.855.6025