In light of the COVID-19 pandemic, the HHS Office for Civil Rights has announced that for HIPAA-covered healthcare providers, a Notification of Enforcement Discretion will be applied that relaxes the HIPAA compliance in relation to telehealth. This notice covers “all services that a covered health care provider, in their professional judgement, believes can be provided through telehealth in the given circumstances of the current emergency”. They define these covered entities as such if they “transmit health information in electronic form in connection with a transaction for which the Secretary has adopted as standard”. A health insurance company that pays for telehealth services is “not covered” by this notice. This will include the remote diagnosis and treatment of patients via a telehealth service. Additional details from the Notification of Enforcement Discretion indicate that this applies to “Penalties for violations of the HIPAA Privacy, Security, and Breach Notification Rules that occur in the good faith provision of telehealth during the COVID-19 nationwide public health emgency”. This notice currently does not carry an expiration date.
Communication Platform Options
The Notification of Enforcement Discretion is only applicable to communication tools that are NON-PUBLIC facing. The end to end encryption that these HIPAA compliant solutions usually include will reduce the interception of personal and private health information. Some of these include Apple FaceTime, Facebook Messenger (but not Facebook Live) and WhatsApp. These applications give the user controls that include muting and recording the conversation.
Healthcare providers must conduct telehealth treatment in private settings and locations. If this is not an option, lowered voices, not using the speakerphone, and reasonable space and distance between others.
Like many of the standard policies and procedures that are in place, modifications had to be made to accommodate this situation. Government agencies have seen that need and made changes accordingly in an effort to tackle these unprecedented times. Having a strong HIPAA program and trusted security advisor in place can assist you in understanding how your company will be affected and how to proceed best.
We are a proud partner of HIPAA Secure Now!, a company of HIPAA experts dedicated to helping medical entities stay compliant and keeping their data safe. Thank you HIPAA Secure Now! (www.HIPAAsecurenow.com) for the contents of this article.
Want more cybersecurity tips to help keep your business safe & secure? Sign up for our email newsletter and have new articles & tips delivered straight to your inbox monthly.