HIPAA Telehealth Requirements are Relaxed for COVID-19 by Gloria D. Crawford

As the number of COVID-19 cases are ramping up throughout the country, healthcare providers are experiencing a massive influx of patients.  In response, state and federal governments have had to get creative with methods to treat persons infected with COVID-19 without simultaneously infecting those without the virus. Some methods include: drive-thru testing facilities, building makeshift hospitals, temporarily waiving provider licensure requirements, and the Notification of Enforcement Discretion regarding COVID-19 (the “Notification”) from The Office of Civil Rights Division (OCR) at the Department of Health and Human Services (HHS) which monitors HIPPA compliance issues. The purpose of the Notification is to relax some of the OCR’s HIPAA guidelines surrounding the practice of telehealth.

The Department of Health and Human Services (HHS) defines telehealth as “the use of electronic information and telecommunications technology to support and promote long-distance clinical health care . . . public health and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and landline and wireless communications.” The Notification allows covered providers (those providers that must comply with HIPAA) to communicate with patients using remote communications technologies and methods that would typically not be covered by HIPAA. This means that the OCR will not penalize covered providers for using methods that would typically violate HIPAA. In order to comply with the newly relaxed guidelines covered providers must use the following: 1) good faith when choosing to treat a patient using these communications technologies; and 2) non-public facing audio or video platforms to communicate with the patient. Telehealth is an acceptable alternative to treat all patients regardless of whether they are seeking treatment for a COVID-19 or other health-related issues.

Non-public facing platforms acceptable to treat patients include*: Apple Facetime, Google Hangouts, Skype, Facebook Messenger video chat, Zoom for Healthcare, Doxy.me, and Microsoft Teams. Many of these companies are already HIPAA-compliant, and will enter into HIPAA business associate agreements with providers. Public facing applications such as Facebook Live, Slack, Twitch, Tik Tok and more are not permissible for telehealth use under the relaxed guidelines. 

If your practice wants to begin offering telehealth services to your patients, please contact our office so that we may guide you through this process. Even with the relaxed requirements, it is vital that your business continues to remain HIPAA and OCR compliant.

* This list of platforms is not exclusive. LLG, its employees and affiliates are not endorsing, recommending, or certifying any of these platforms or their business associate agreements without prior review by an attorney.

Post authored by Gloria D. Crawford