Keeping an eye on health care law trends. Thoughts and comments on the health care industry, privacy, security, technology and other odds and ends. Actively posting from 2004-2012 and now "restarted" in response to the COVID-19 Pandemic as a source for health care and legal information.
The Office for Civil Rights (“OCR”) at the Department of
Health and Human Services (“HHS”) has taken steps to permit covered health care
providers subject to the HIPAA Rules to seek to communicate with patients and
provide telehealth services through remote communications technologies.Some technologies and the manner in which
they are used may not comply with the requirements of HIPAA; however, OCR
announced that it will exercise its enforcement discretion and will not impose
penalties for noncompliance with the regulatory requirements under HIPAA rules
against covered health care providers in connection with the good faith
provision of telehealth during the COVID-19 nationwide public health emergency.
For example, a covered health care provider, in the exercise
of their professional judgment, may request to examine a patient exhibiting
COVID- 19 symptoms using a video chat application to assess a greater number of
patients while limiting the risk of infection. Likewise, a covered health care
provider may provide similar telehealth services, in the exercise of their
professional judgment, to assess or treat other medical conditions unrelated to
COVID-19, such as a sprained ankle, dental consultation, or psychological
evaluation, or other conditions.
Under this Notice, however, Facebook Live, Twitch, TikTok,
and similar video communication applications are public facing. They should not
be used in the provision of telehealth by covered health care providers.
Covered health care providers that seek additional privacy protections
for telehealth while using video communication products should provide such
services through technology vendors that are HIPAA compliant and will enter
into HIPAA business associate agreements (BAAs) in connection with the
provision of their video communication products. The list below includes some
vendors that represent that they provide HIPAA-compliant video communication
products and that they will enter into a HIPAA BAA.