Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek
Bethany Baty, Digital Marketing Director, HIPAAtrek
Margaret Scavotto, JD, CHC, President, MPA
On March 17, the Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency. In this Notification, the OCR announced that it will NOT impose HIPAA penalties against covered health care providers using telehealth, in good faith, during COVID-19.
Who is covered by this guidance?
The guidance applies to all covered health care providers.
What programs can providers use for telehealth?
The OCR expressly stated that the following NON-PUBLIC FACING applications may be used for telehealth during COVID-19:
- Facebook Messenger video chat
- Google Hangouts video
What CAN’T be used for telehealth?
Providers CANNOT use PUBLIC-FACING applications such as Facebook Live, Twitch, and TikTok.
What else do providers need to do?
- Notify patients of privacy risks.
- Enable encryption and privacy modes.
- Get a business associate agreement (BAA) from any service providers involved, whenever possible.
The OCR also compiled a list of FAQ related to telehealth use during COVID-19.
Overwhelmed? Grab our Guide to Policy Management!
Without the right tools, policy management can be a lot to handle. We’ve created this workflow to get you started.